Endless loop on mutually recursive renders #1536

Closed
akimd opened this issue Dec 11, 2020 · 3 comments · Fixed by #1537

Comments

@akimd

akimd commented Dec 11, 2020

Background

Brakeman version: 4.10.0
Rails version: 6.0.3.4
Ruby version: 2.5.7

Issue

We use partials that render partials, and this can be "recursive". Of course there are dynamic conditions for the calls to stop at some point, but statically, Brakeman does not see them and endlessly stacks calls:

For instance

$ grep 'render.*filters_list' app/views/*/_query_builder_filters_list.html.erb 
app/views/accesses/_query_builder_filters_list.html.erb:<%= render partial: '/profile_accesses/query_builder_filters_list' %>
...
app/views/profile_accesses/_query_builder_filters_list.html.erb:<%= render partial: '/accesses/query_builder_filters_list' %>

Other Error

Run Brakeman with --debug to see the full stack trace.

Rendering /accesses/_query_builder_filters_list (["Template:access_rules/_query_builder_filters_list"])
Rendering /profile_accesses/_query_builder_filters_list (["Template:access_rules/_query_builder_filters_list", "Template:accesses/_query_builder_filters_list"])
Rendering /accesses/_query_builder_filters_list (["Template:access_rules/_query_builder_filters_list", "Template:accesses/_query_builder_filters_list", "Template:profile_accesses/_query_builder_filters_list"])
Rendering /profile_accesses/_query_builder_filters_list (["Template:access_rules/_query_builder_filters_list", "Template:accesses/_query_builder_filters_list", "Template:profile_accesses/_query_builder_filters_list", "Template:accesses/_query_builder_filters_list"])
Rendering /accesses/_query_builder_filters_list (["Template:access_rules/_query_builder_filters_list", "Template:accesses/_query_builder_filters_list", "Template:profile_accesses/_query_builder_filters_list", "Template:accesses/_query_builder_filters_list", "Template:profile_accesses/_query_builder_filters_list"])
Rendering /profile_accesses/_query_builder_filters_list (["Template:access_rules/_query_builder_filters_list", "Template:accesses/_query_builder_filters_list", "Template:profile_accesses/_query_builder_filters_list", "Template:accesses/_query_builder_filters_list", "Template:profile_accesses/_query_builder_filters_list", "Template:accesses/_query_builder_filters_list"])
Rendering /accesses/_query_builder_filters_list (["Template:access_rules/_query_builder_filters_list", "Template:accesses/_query_builder_filters_list", "Template:profile_accesses/_query_builder_filters_list", "Template:accesses/_query_builder_filters_list", "Template:profile_accesses/_query_builder_filters_list", "Template:accesses/_query_builder_filters_list", "Template:profile_accesses/_query_builder_filters_list"])
...

Stack trace:

Traceback (most recent call last):
	11282: from /opt/ruby/bin/brakeman:23:in `<main>'
	11281: from /opt/ruby/bin/brakeman:23:in `load'
	11280: from /opt/ruby-2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bin/brakeman:10:in `<top (required)>'
	11279: from /opt/ruby-2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/commandline.rb:20:in `start'
	11278: from /opt/ruby-2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/commandline.rb:35:in `run'
	11277: from /opt/ruby-2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/commandline.rb:166:in `run_report'
	11276: from /opt/ruby-2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/commandline.rb:125:in `regular_report'
	11275: from /opt/ruby-2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/brakeman/commandline.rb:157:in `run_brakeman'
	 ... 11270 levels...
	    4: from /opt/ruby-2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bundle/ruby/2.7.0/gems/sexp_processor-4.15.1/lib/sexp.rb:65:in `map'
	    3: from /opt/ruby-2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bundle/ruby/2.7.0/gems/sexp_processor-4.15.1/lib/sexp.rb:65:in `map'
	    2: from /opt/ruby-2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/ruby_parser/bm_sexp.rb:592:in `block in inspect'
	    1: from /opt/ruby-2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/lib/ruby_parser/bm_sexp.rb:590:in `inspect'
/opt/ruby-2.5.7/lib/ruby/gems/2.5.0/gems/brakeman-4.10.0/bundle/ruby/2.7.0/gems/sexp_processor-4.15.1/lib/sexp.rb:65:in `map': stack level too deep (SystemStackError)

Cheers!

@presidentbeef
Owner

Interesting... this was definitely addressed in the past so I'll have to see why the loop detection is not working in this case.

@presidentbeef
Owner

Ah... I think it's the / in the partial name that's evading the loop detection.

@akimd
Author

akimd commented Dec 19, 2020

Great news, thanks!

presidentbeef added a commit that referenced this issue Dec 23, 2020
Repository owner locked and limited conversation to collaborators Jan 30, 2022
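
Added example, not part of the original thread and not Brakeman's code: a toy render-stack walker showing how a leading `/` in a partial name, the cause suggested in the thread, can defeat a loop check that compares names as plain strings. The view map, `MAX_DEPTH`, and every function name are constructed for illustration; the assumption is that the check is a string comparison against stack entries that carry no leading slash, as in the debug output above.

```ruby
# Added illustration; not Brakeman's implementation.
# Constructed sample: template => partials it renders, as written in the views.
VIEWS = {
  "access_rules/_query_builder_filters_list" =>
    ["/accesses/query_builder_filters_list"],
  "accesses/_query_builder_filters_list" =>
    ["/profile_accesses/query_builder_filters_list"],
  "profile_accesses/_query_builder_filters_list" =>
    ["/accesses/query_builder_filters_list"]
}.freeze

MAX_DEPTH = 50 # hypothetical cap so the unguarded walk terminates in this demo

# "/accesses/list" -> "/accesses/_list": partial name to template name.
def partial_to_template(partial)
  partial.sub(%r{([^/]+)\z}, '_\1')
end

# Drop leading slashes so "/accesses/_x" and "accesses/_x" compare equal.
def normalize(name)
  name.sub(%r{\A/+}, "")
end

# Depth-first walk of renders. `stack` holds "Template:<name>" entries without
# a leading slash, matching the debug output quoted in the issue.
def walk(template, stack, strip_slash, stats)
  if stack.size >= MAX_DEPTH
    stats[:capped] = true
    return stats
  end
  VIEWS.fetch(normalize(template), []).each do |partial|
    name = partial_to_template(partial)
    name = normalize(name) if strip_slash
    if stack.include?("Template:#{name}") # the loop check under test
      stats[:loops] << name
      next
    end
    walk(name, stack + ["Template:#{normalize(name)}"], strip_slash, stats)
  end
  stats
end

def analyze(root, strip_slash:)
  walk(root, ["Template:#{root}"], strip_slash, { loops: [], capped: false })
end

root = "access_rules/_query_builder_filters_list"
p analyze(root, strip_slash: false) # raw names: check never matches
p analyze(root, strip_slash: true)  # normalized names: cycle is reported
```

For a static analyzer, the practical point is that any visited-set or call-stack comparison should run on a canonical form of the name, otherwise equivalent spellings of one template look like distinct nodes.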