
Error: undefined method `force_encoding' for Brakeman::FilePath #1534

Closed
pboling opened this issue Dec 7, 2020 · 3 comments · Fixed by #1535

Comments

@pboling

pboling commented Dec 7, 2020

Background

Brakeman version: 4.10.0
Rails version: 5.2.4.4 ... except not a "real" Rails app - it is a Ruby Grape app with most of the Rails stack of gems in use, like Active Record, Active Support, Action Mailer, Action Cable, etc.
Ruby version:

$ ruby -v
ruby 2.5.7p206 (2019-10-01 revision 67816) [x86_64-darwin19]

Parse Error

Minimal example that does not parse:

Unfortunately it is not clear where the parse error is. I read the troubleshooting steps and tried them. First the brakeman output, and then the troubleshooting results, follow. I am unable to find any literal concatenations of strings in the files that are raising the error, or in fact anywhere in the codebase. Perhaps the fact that I am setting # frozen_string_literal: true at the top of my files is causing brakeman to blow up due to possible literal string concatenations inside brakeman?

$ bundle exec brakeman
Loading scanner...
Processing application in /my/birthday/cake
Processing gems...
[Notice] Detected Rails 5 application
Processing configuration...
[Notice] Escaping HTML by default
Parsing files...
Processing initializers...
Processing libs...ssed
Processing routes...
[Notice] No route information found
Processing templates...
Processing data flow in templates...
Processing models...
Processing controllers...
Processing data flow in controllers...
Indexing call sites...
Running checks in parallel...
 - CheckBasicAuth
 - CheckBasicAuthTimingAttack
 - CheckCrossSiteScripting
 - CheckContentTag
 - CheckCookieSerialization
 - CheckCreateWith
 - CheckCSRFTokenForgeryCVE
 - CheckDefaultRoutes
 - CheckDeserialize
 - CheckDetailedExceptions
 - CheckDigestDoS
 - CheckDynamicFinders
 - CheckEscapeFunction
 - CheckEvaluation
 - CheckExecute
 - CheckFileAccess
 - CheckFileDisclosure
 - CheckFilterSkipping
 - CheckForgerySetting
 - CheckHeaderDoS
 - CheckI18nXSS
 - CheckJRubyXML
 - CheckJSONEncoding
 - CheckJSONEntityEscape
 - CheckJSONParsing
 - CheckLinkTo
 - CheckLinkToHref
 - CheckMailTo
 - CheckMassAssignment
 - CheckMimeTypeDoS
 - CheckModelAttrAccessible
 - CheckModelAttributes
 - CheckModelSerialize
 - CheckNestedAttributes
 - CheckNestedAttributesBypass
 - CheckNumberToCurrency
 - CheckPageCachingCVE
 - CheckPermitAttributes
 - CheckQuoteTableName
 - CheckRedirect
 - CheckRegexDoS
 - CheckRender
 - CheckRenderDoS
 - CheckRenderInline
 - CheckResponseSplitting
 - CheckRouteDoS
 - CheckSafeBufferManipulation
 - CheckSanitizeMethods
 - CheckSelectTag
 - CheckSelectVulnerability
 - CheckSend
 - CheckSendFile
 - CheckSessionManipulation
 - CheckSessionSettings
 - CheckSimpleFormat
 - CheckSingleQuotes
 - CheckSkipBeforeFilter
 - CheckSprocketsPathTraversal
 - CheckSQL
 - CheckSQLCVEs
 - CheckSSLVerify
 - CheckStripTags
 - CheckSymbolDoSCVE
 - CheckTemplateInjection
 - CheckTranslateBug
 - CheckUnsafeReflection
 - CheckValidationRegex
 - CheckWithoutProtection
 - CheckXMLDoS
 - CheckYAMLParsing
Checks finished, collecting results...
Generating report...

== Brakeman Report ==

Application Path: /my/birthday/cake
Rails Version: 5.2.4.4
Brakeman Version: 4.10.0
Scan Date: 2020-12-08 03:34:34 +0700
Duration: 2.364024 seconds
Checks Run: BasicAuth, BasicAuthTimingAttack, CSRFTokenForgeryCVE, ContentTag, CookieSerialization, CreateWith, CrossSiteScripting, DefaultRoutes, Deserialize, DetailedExceptions, DigestDoS, DynamicFinders, EscapeFunction, Evaluation, Execute, FileAccess, FileDisclosure, FilterSkipping, ForgerySetting, HeaderDoS, I18nXSS, JRubyXML, JSONEncoding, JSONEntityEscape, JSONParsing, LinkTo, LinkToHref, MailTo, MassAssignment, MimeTypeDoS, ModelAttrAccessible, ModelAttributes, ModelSerialize, NestedAttributes, NestedAttributesBypass, NumberToCurrency, PageCachingCVE, PermitAttributes, QuoteTableName, Redirect, RegexDoS, Render, RenderDoS, RenderInline, ResponseSplitting, RouteDoS, SQL, SQLCVEs, SSLVerify, SafeBufferManipulation, SanitizeMethods, SelectTag, SelectVulnerability, Send, SendFile, SessionManipulation, SessionSettings, SimpleFormat, SingleQuotes, SkipBeforeFilter, SprocketsPathTraversal, StripTags, SymbolDoSCVE, TemplateInjection, TranslateBug, UnsafeReflection, ValidationRegex, WithoutProtection, XMLDoS, YAMLParsing

== Overview ==

Controllers: 0
Models: 87
Templates: 1
Errors: 2
Security Warnings: 2

== Warning Types ==

SQL Injection: 2

== Errors ==

Error: undefined method `force_encoding' for #<Brakeman::FilePath:0x00007fb18d8102b8> While processing /my/birthday/cake/api/config/environment.rb
Location: /Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby_parser_extras.rb:604:in `literal_concat'

Error: undefined method `force_encoding' for #<Brakeman::FilePath:0x00007fb18a1a2a28> While processing /my/birthday/cake/api/config/application.rb
Location: /Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby_parser_extras.rb:604:in `literal_concat'

== Warnings ==

Confidence: Medium
Category: SQL Injection
Check: SQL
Message: Possible SQL injection
Code: ...
File: ...
Line: ...

Confidence: Medium
Category: SQL Injection
Check: SQL
Message: Possible SQL injection
Code: ...
File: ...
Line: ...

Results of ruby -c:

$ ruby -c config/environment.rb
Syntax OK
$ ruby -c config/application.rb
Syntax OK

Results of ruby_parse config/environment.rb:

ruby_parse config/environment.rb
# file = config/environment.rb loc = 21
s(:block,
 s(:call, nil, :puts, s(:str, "[top.0] config/environment.rb")),
 s(:call, nil, :require_relative, s(:str, "boot")),
 s(:call,
  nil,
  :puts,
  s(:call,
   s(:call,
    s(:const, :ColorizedString),
    :[],
    s(:str, "[top.1] config/environment.rb")),
   :yellow)),
 s(:call, nil, :require_relative, s(:str, "environment.constants")),
 s(:call, nil, :require_relative, s(:str, "environment.database")),
 s(:call,
  nil,
  :puts,
  s(:call,
   s(:call,
    s(:const, :ColorizedString),
    :[],
    s(:str, "[top.2] config/environment.rb")),
   :yellow)),
 s(:call, nil, :require_relative, s(:str, "application")))
done



 0.00s:  6423.98 l/s:  149.96 Kb/s:    0 Kb:   21 loc:TOTAL

Results of ruby_parse config/application.rb:

ruby_parse config/application.rb
# file = config/application.rb loc = 64
s(:block,
 s(:call,
  nil,
  :puts,
  s(:call,
   s(:call,
    s(:const, :ColorizedString),
    :[],
    s(:str, "[app] config/application.rb")),
   :green)),
 s(:iter,
  s(:call,
   s(:call,
    s(:call,
     s(:const, :Dir),
     :glob,
     s(:call,
      s(:const, :ROOT),
      :join,
      s(:str, "config"),
      s(:str, "initializers"),
      s(:str, "*.rb"))),
    :sort),
   :each),
  s(:args, :f),
  s(:if,
   s(:call,
    s(:array, s(:str, "shoryuken"), s(:str, "sidekiq")),
    :include?,
    s(:call, s(:const, :File), :basename, s(:lvar, :f), s(:str, ".rb"))),
   nil,
   s(:call, nil, :require, s(:lvar, :f)))),
 s(:call, nil, :require, s(:str, "apis/microsoft_graph/microsoft_graph")),
 s(:call, nil, :require, s(:str, "apis/paperclip/grape_hashie_adaptor")),
 s(:call, nil, :require, s(:str, "tasks/utils/migrate_utils")),
 s(:call, nil, :require, s(:str, "utils/utils")),
 s(:call, nil, :require, s(:str, "elastic/search")),
 s(:call, nil, :require, s(:str, "entities/entities")),
 s(:call, nil, :require, s(:str, "producers/producer")),
 s(:call, nil, :require, s(:str, "consumers/consumers")),
 s(:call, nil, :require, s(:str, "validators/validators")),
 s(:call, nil, :require, s(:str, "services/services")),
 s(:call, nil, :require, s(:str, "routes/base")),
 s(:iter,
  s(:call,
   s(:call,
    s(:call,
     s(:const, :Dir),
     :glob,
     s(:call,
      s(:const, :ROOT),
      :join,
      s(:str, "app"),
      s(:str, "errors"),
      s(:str, "*.rb"))),
    :sort),
   :each),
  s(:args, :f),
  s(:call, nil, :require, s(:lvar, :f))),
 s(:iter,
  s(:call,
   s(:call,
    s(:call,
     s(:const, :Dir),
     :glob,
     s(:call,
      s(:const, :ROOT),
      :join,
      s(:str, "app"),
      s(:str, "helpers"),
      s(:str, "*.rb"))),
    :sort),
   :each),
  s(:args, :f),
  s(:call, nil, :require, s(:lvar, :f))),
 s(:iter,
  s(:call,
   s(:call,
    s(:call,
     s(:const, :Dir),
     :glob,
     s(:call,
      s(:const, :ROOT),
      :join,
      s(:str, "app"),
      s(:str, "middleware"),
      s(:str, "*.rb"))),
    :sort),
   :each),
  s(:args, :f),
  s(:call, nil, :require, s(:lvar, :f))),
 s(:iter,
  s(:call,
   s(:call,
    s(:call,
     s(:const, :Dir),
     :glob,
     s(:call,
      s(:const, :ROOT),
      :join,
      s(:str, "app"),
      s(:str, "services"),
      s(:str, "**/*base.rb"))),
    :sort),
   :each),
  s(:args, :f),
  s(:call, nil, :require, s(:lvar, :f))),
 s(:iter,
  s(:call,
   s(:call,
    s(:call,
     s(:const, :Dir),
     :glob,
     s(:call,
      s(:const, :ROOT),
      :join,
      s(:str, "app"),
      s(:str, "services"),
      s(:str, "**/*.rb"))),
    :sort),
   :each),
  s(:args, :f),
  s(:call, nil, :require, s(:lvar, :f))),
 s(:call, nil, :require, s(:str, "mail/mailers/mailer_base")),
 s(:iter,
  s(:call,
   s(:call,
    s(:call,
     s(:const, :Dir),
     :glob,
     s(:call,
      s(:const, :ROOT),
      :join,
      s(:str, "app"),
      s(:str, "mail"),
      s(:str, "mailers"),
      s(:str, "**/*.rb"))),
    :sort),
   :each),
  s(:args, :f),
  s(:call, nil, :require, s(:lvar, :f))),
 s(:call, nil, :require, s(:str, "mail/builders/base_builder")),
 s(:iter,
  s(:call,
   s(:call,
    s(:call,
     s(:const, :Dir),
     :glob,
     s(:call,
      s(:const, :ROOT),
      :join,
      s(:str, "app"),
      s(:str, "mail"),
      s(:str, "builders"),
      s(:str, "**/*.rb"))),
    :sort),
   :each),
  s(:args, :f),
  s(:call, nil, :require, s(:lvar, :f))),
 s(:call, nil, :require, s(:str, "mail/signatures/signatures")),
 s(:iter,
  s(:call,
   s(:call,
    s(:call,
     s(:const, :Dir),
     :glob,
     s(:call,
      s(:const, :ROOT),
      :join,
      s(:str, "app"),
      s(:str, "mail"),
      s(:str, "signatures"),
      s(:str, "**/*.rb"))),
    :sort),
   :each),
  s(:args, :f),
  s(:call, nil, :require, s(:lvar, :f))),
 s(:call, nil, :require, s(:str, "mail/strategies/strategies")),
 s(:iter,
  s(:call,
   s(:call,
    s(:call,
     s(:const, :Dir),
     :glob,
     s(:call,
      s(:const, :ROOT),
      :join,
      s(:str, "app"),
      s(:str, "mail"),
      s(:str, "strategies"),
      s(:str, "**/*.rb"))),
    :sort),
   :each),
  s(:args, :f),
  s(:call, nil, :require, s(:lvar, :f))),
 s(:iter,
  s(:call,
   s(:call,
    s(:call,
     s(:const, :Dir),
     :glob,
     s(:call,
      s(:const, :ROOT),
      :join,
      s(:str, "app"),
      s(:str, "mail"),
      s(:str, "support"),
      s(:str, "**/*.rb"))),
    :sort),
   :each),
  s(:args, :f),
  s(:call, nil, :require, s(:lvar, :f))),
 s(:call, nil, :require, s(:str, "models/base_record")),
 s(:iter,
  s(:call,
   s(:call,
    s(:call,
     s(:const, :Dir),
     :glob,
     s(:call,
      s(:const, :ROOT),
      :join,
      s(:str, "app"),
      s(:str, "views"),
      s(:str, "**/*.rb"))),
    :sort),
   :each),
  s(:args, :f),
  s(:call, nil, :require, s(:lvar, :f))),
 s(:call, nil, :require, s(:str, "workers/base_worker")),
 s(:iter,
  s(:call,
   s(:call,
    s(:call,
     s(:const, :Dir),
     :glob,
     s(:call,
      s(:const, :ROOT),
      :join,
      s(:str, "app"),
      s(:str, "routes"),
      s(:str, "*.rb"))),
    :sort),
   :each),
  s(:args, :f),
  s(:call, nil, :require, s(:lvar, :f))),
 s(:iter,
  s(:call,
   s(:call,
    s(:call,
     s(:const, :Dir),
     :glob,
     s(:call,
      s(:const, :ROOT),
      :join,
      s(:str, "app"),
      s(:str, "workers"),
      s(:str, "*.rb"))),
    :sort),
   :each),
  s(:args, :f),
  s(:call, nil, :require, s(:lvar, :f))),
 s(:iter,
  s(:call,
   s(:call,
    s(:call,
     s(:const, :Dir),
     :glob,
     s(:call,
      s(:const, :ROOT),
      :join,
      s(:str, "app"),
      s(:str, "workers"),
      s(:str, "**/*.rb"))),
    :sort),
   :each),
  s(:args, :f),
  s(:call, nil, :require, s(:lvar, :f))),
 s(:iter,
  s(:call,
   s(:call,
    s(:call,
     s(:const, :Dir),
     :glob,
     s(:call,
      s(:const, :ROOT),
      :join,
      s(:str, "app"),
      s(:str, "workers"),
      s(:str, "email_automation/*.rb"))),
    :sort),
   :each),
  s(:args, :f),
  s(:call, nil, :require, s(:lvar, :f))),
 s(:iter,
  s(:call,
   s(:call,
    s(:call,
     s(:const, :Dir),
     :glob,
     s(:call,
      s(:const, :ROOT),
      :join,
      s(:str, "app"),
      s(:str, "listeners"),
      s(:str, "*.rb"))),
    :sort),
   :each),
  s(:args, :f),
  s(:call, nil, :require, s(:lvar, :f))),
 s(:iter,
  s(:call,
   s(:call,
    s(:call,
     s(:const, :Dir),
     :glob,
     s(:call,
      s(:const, :ROOT),
      :join,
      s(:str, "app"),
      s(:str, "robots"),
      s(:str, "**/*.rb"))),
    :sort),
   :each),
  s(:args, :f),
  s(:call, nil, :require, s(:lvar, :f))),
 s(:call,
  nil,
  :require,
  s(:call,
   s(:const, :ROOT),
   :join,
   s(:str, "config"),
   s(:str, "initializers"),
   s(:str, "sidekiq.rb"))),
 s(:call,
  nil,
  :require,
  s(:call,
   s(:const, :ROOT),
   :join,
   s(:str, "config"),
   s(:str, "initializers"),
   s(:str, "shoryuken.rb"))),
 s(:call,
  nil,
  :require,
  s(:str, "shoryuken_workers/priority_consumer_worker")),
 s(:call, nil, :require, s(:str, "shoryuken_workers/bulk_consumer_worker")),
 s(:call,
  s(:colon2, s(:const, :Grape), :Endpoint),
  :include,
  s(:colon2, s(:colon2, s(:const, :Api), :CanCan), :Helpers)),
 s(:if,
  s(:call, s(:const, :RACK_ENV), :==, s(:str, "development")),
  s(:block,
   s(:iter,
    s(:call,
     s(:call,
      s(:call,
       s(:const, :Dir),
       :glob,
       s(:call,
        s(:const, :ROOT),
        :join,
        s(:str, "spec"),
        s(:str, "factories/**/"),
        s(:str, "*.rb"))),
      :sort),
     :each),
    s(:args, :f),
    s(:call, nil, :require, s(:lvar, :f))),
   s(:call,
    nil,
    :require,
    s(:call,
     s(:const, :ROOT),
     :join,
     s(:str, "spec"),
     s(:str, "support"),
     s(:str, "helpers"),
     s(:str, "request_stubs"),
     s(:str, "geocoder_stubs.rb")))),
  nil))
done


 0.02s:  2615.98 l/s:  121.47 Kb/s:    2 Kb:   64 loc:config/application.rb

 0.02s:  2615.98 l/s:  121.47 Kb/s:    2 Kb:   64 loc:TOTAL
@pboling (Author)

pboling commented Dec 7, 2020

Running again with debug output, I still don't see any references to "my" code. Here are the relevant sections:

== Errors ==

Error: undefined method `force_encoding' for #<Brakeman::FilePath:0x00007fc4ec32d710> While processing /Users/pboling/src/rivi/api/config/environment.rb
Location: /Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby_parser_extras.rb:604:in `literal_concat'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby27_parser.rb:6399:in `_reduce_502'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/2.5.0/racc/parser.rb:259:in `_racc_do_parse_c'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/2.5.0/racc/parser.rb:259:in `do_parse'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby_parser_extras.rb:1329:in `block in process'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/2.5.0/timeout.rb:93:in `block in timeout'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/2.5.0/timeout.rb:33:in `block in catch'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/2.5.0/timeout.rb:33:in `catch'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/2.5.0/timeout.rb:33:in `catch'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/2.5.0/timeout.rb:108:in `timeout'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby_parser_extras.rb:1317:in `process'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby_parser.rb:36:in `block in process'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby_parser.rb:33:in `each'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby_parser.rb:33:in `process'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/file_parser.rb:39:in `parse_ruby'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/scanner.rb:329:in `parse_ruby_file'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/scanner.rb:124:in `process_config_file'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/scanner.rb:99:in `process_config'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/scanner.rb:43:in `process'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman.rb:373:in `scan'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman.rb:84:in `run'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/commandline.rb:157:in `run_brakeman'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/commandline.rb:125:in `regular_report'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/commandline.rb:166:in `run_report'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/commandline.rb:35:in `run'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/commandline.rb:20:in `start'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bin/brakeman:10:in `<top (required)>'
/Users/pboling/.asdf/installs/ruby/2.5.7/bin/brakeman:23:in `load'
/Users/pboling/.asdf/installs/ruby/2.5.7/bin/brakeman:23:in `<top (required)>'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/cli/exec.rb:63:in `load'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/cli/exec.rb:63:in `kernel_load'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/cli/exec.rb:28:in `run'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/cli.rb:476:in `exec'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor/invocation.rb:127:in `invoke_command'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor.rb:399:in `dispatch'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/cli.rb:30:in `dispatch'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor/base.rb:476:in `start'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/cli.rb:24:in `start'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/exe/bundle:46:in `block in <top (required)>'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/friendly_errors.rb:123:in `with_friendly_errors'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/exe/bundle:34:in `<top (required)>'
/Users/pboling/.asdf/installs/ruby/2.5.7/bin/bundle:23:in `load'
/Users/pboling/.asdf/installs/ruby/2.5.7/bin/bundle:23:in `<main>'

Error: undefined method `force_encoding' for #<Brakeman::FilePath:0x00007fc4eda5af78> While processing /Users/pboling/src/rivi/api/config/application.rb
Location: /Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby_parser_extras.rb:604:in `literal_concat'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby27_parser.rb:6399:in `_reduce_502'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/2.5.0/racc/parser.rb:259:in `_racc_do_parse_c'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/2.5.0/racc/parser.rb:259:in `do_parse'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby_parser_extras.rb:1329:in `block in process'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/2.5.0/timeout.rb:93:in `block in timeout'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/2.5.0/timeout.rb:33:in `block in catch'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/2.5.0/timeout.rb:33:in `catch'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/2.5.0/timeout.rb:33:in `catch'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/2.5.0/timeout.rb:108:in `timeout'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby_parser_extras.rb:1317:in `process'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby_parser.rb:36:in `block in process'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby_parser.rb:33:in `each'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bundle/ruby/2.7.0/gems/ruby_parser-3.15.0/lib/ruby_parser.rb:33:in `process'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/file_parser.rb:39:in `parse_ruby'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/scanner.rb:329:in `parse_ruby_file'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/scanner.rb:124:in `process_config_file'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/scanner.rb:102:in `process_config'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/scanner.rb:43:in `process'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman.rb:373:in `scan'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman.rb:84:in `run'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/commandline.rb:157:in `run_brakeman'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/commandline.rb:125:in `regular_report'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/commandline.rb:166:in `run_report'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/commandline.rb:35:in `run'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/commandline.rb:20:in `start'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bin/brakeman:10:in `<top (required)>'
/Users/pboling/.asdf/installs/ruby/2.5.7/bin/brakeman:23:in `load'
/Users/pboling/.asdf/installs/ruby/2.5.7/bin/brakeman:23:in `<top (required)>'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/cli/exec.rb:63:in `load'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/cli/exec.rb:63:in `kernel_load'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/cli/exec.rb:28:in `run'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/cli.rb:476:in `exec'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor/invocation.rb:127:in `invoke_command'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor.rb:399:in `dispatch'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/cli.rb:30:in `dispatch'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/vendor/thor/lib/thor/base.rb:476:in `start'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/cli.rb:24:in `start'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/exe/bundle:46:in `block in <top (required)>'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/lib/bundler/friendly_errors.rb:123:in `with_friendly_errors'
/Users/pboling/.asdf/installs/ruby/2.5.7/lib/ruby/gems/2.5.0/gems/bundler-2.1.4/exe/bundle:34:in `<top (required)>'
/Users/pboling/.asdf/installs/ruby/2.5.7/bin/bundle:23:in `load'
/Users/pboling/.asdf/installs/ruby/2.5.7/bin/bundle:23:in `<main>'

@presidentbeef (Owner)

Hi @pboling! Thank you for taking steps to debug and providing the stack traces.

I'm guessing config/application.rb contains some code like "#{__FILE__}"? I believe what's happening is Brakeman is passing in a Brakeman::FilePath to RubyParser instead of a string. RubyParser converts __FILE__ during parsing to the name of the file being parsed. In this case, it then tries to interpolate the string.

In other words, RubyParser will turn

"#{__FILE__}"

into

"config/application.rb"

when __FILE__ is set to "config/application.rb".

But since it's not a string in this case... there's the error.

The weird thing is that I can only reproduce this error when running Brakeman in the root of the Rails app. Not sure why there's an encoding issue then.

In any case, should be fixed with #1535.

By the way, you should not expect to see your code in the stack trace, because Brakeman does not execute your code.
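
The mechanism described in the comment above, as an added example that is not Brakeman's or ruby_parser's own code: a small model in which a parser step substitutes __FILE__ with the file name it was handed and then calls force_encoding on every literal fragment while joining an interpolated string. PathObject, concat_literal_pieces, parse_unhardened and parse_hardened are hypothetical names constructed for this illustration; PathObject stands in for a value object like Brakeman::FilePath that renders as a String but is not one. The unhardened caller reproduces the NoMethodError class of failure, and the hardened caller shows the boundary coercion that avoids it.

```ruby
# Added example (not Brakeman's or ruby_parser's code): models why handing a
# non-String file-name object to a parser that substitutes __FILE__ ends in
# "undefined method `force_encoding'".

# Hypothetical stand-in for Brakeman::FilePath: knows how to render itself as a
# String, but is not a String, so it has no force_encoding method.
class PathObject
  def initialize(relative)
    @relative = relative
  end

  def to_s
    @relative
  end
end

# Models the parser's string-literal concatenation step. Each piece is either a
# literal fragment or the :__FILE__ marker, which is replaced by `file`.
def concat_literal_pieces(pieces, file)
  pieces.map do |piece|
    value = piece == :__FILE__ ? file : piece
    # The parser normalises each fragment's encoding before joining. A
    # non-String `file` raises NoMethodError right here, as in the stack trace.
    value.dup.force_encoding(Encoding::UTF_8)
  end.join
end

# The source fragment `"[app] #{__FILE__}"`, pre-split the way a lexer would.
SOURCE_PIECES = ["[app] ", :__FILE__].freeze

# Unhardened call: forwards whatever file-name object it was given and returns
# the resulting NoMethodError (instead of raising) so the failure can be inspected.
def parse_unhardened(file)
  concat_literal_pieces(SOURCE_PIECES, file)
rescue NoMethodError => e
  e
end

# Hardened call: coerces the file name to a String at the boundary, which is the
# category of fix needed when a path wrapper object reaches String-only code.
def parse_hardened(file)
  concat_literal_pieces(SOURCE_PIECES, file.to_s)
end

if __FILE__ == $PROGRAM_NAME
  puts parse_unhardened("config/application.rb")                      # works: plain String
  puts parse_unhardened(PathObject.new("config/application.rb")).message # NoMethodError
  puts parse_hardened(PathObject.new("config/application.rb"))         # works after to_s
end
```

The point of the model is the duck-typing assumption at the boundary: everything downstream expects a String, so the wrapper object must be converted before it is passed in, not somewhere deep inside the parser.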

@pboling (Author)

pboling commented Dec 9, 2020

I do a lot, in my root bootstrapping files, with __FILE__, so yes, I think that was the issue!

Repository owner locked and limited conversation to collaborators Jan 30, 2022