Slim parsing error "unknown line indicator" when using "slim/smart" plugin

[jeffgran]

Background

Brakeman version: 5.0
Rails version: 6.0.3.4
Ruby version: 2.5.5p157

Issue

What problem are you seeing?

Slim comes bundled with a few plugins, one of which is called "Smart Text". It adds a few extra features. Brakeman's slim integration does not enable that plugin, so templates using that syntax fail to parse and cause errors.

Specifically, we are seeing this with lines that start with > character, error message and stack trace shown below.

Other Error

Run Brakeman with --debug to see the full stack trace.

Stack trace:

Parsing /app/app/views/<redacted>/show.html.slim
Unknown line indicator
  /app/app/views/<redacted>/show.html.slim, Line 58, Column 22
    > •
    ^
/app/app/views/<redacted>/show.html.slim:58
/usr/local/bundle/gems/brakeman-5.0.0/bundle/ruby/2.7.0/gems/slim-4.1.0/lib/slim/parser.rb:524:in `syntax_error!'
/usr/local/bundle/gems/brakeman-5.0.0/bundle/ruby/2.7.0/gems/slim-4.1.0/lib/slim/parser.rb:265:in `unknown_line_indicator'
/usr/local/bundle/gems/brakeman-5.0.0/bundle/ruby/2.7.0/gems/slim-4.1.0/lib/slim/parser.rb:256:in `parse_line_indicators'
/usr/local/bundle/gems/brakeman-5.0.0/bundle/ruby/2.7.0/gems/slim-4.1.0/lib/slim/parser.rb:196:in `parse_line'
/usr/local/bundle/gems/brakeman-5.0.0/bundle/ruby/2.7.0/gems/slim-4.1.0/lib/slim/parser.rb:99:in `call'
/usr/local/bundle/gems/brakeman-5.0.0/bundle/ruby/2.7.0/gems/temple-0.8.2/lib/temple/engine.rb:50:in `block in call'
/usr/local/bundle/gems/brakeman-5.0.0/bundle/ruby/2.7.0/gems/temple-0.8.2/lib/temple/engine.rb:50:in `each'
/usr/local/bundle/gems/brakeman-5.0.0/bundle/ruby/2.7.0/gems/temple-0.8.2/lib/temple/engine.rb:50:in `inject'
/usr/local/bundle/gems/brakeman-5.0.0/bundle/ruby/2.7.0/gems/temple-0.8.2/lib/temple/engine.rb:50:in `call'
/usr/local/bundle/gems/brakeman-5.0.0/bundle/ruby/2.7.0/gems/temple-0.8.2/lib/temple/mixins/template.rb:10:in `compile'
/usr/local/bundle/gems/brakeman-5.0.0/bundle/ruby/2.7.0/gems/temple-0.8.2/lib/temple/templates/tilt.rb:30:in `prepare'
/usr/local/bundle/gems/brakeman-5.0.0/bundle/ruby/2.7.0/gems/tilt-2.0.10/lib/tilt/template.rb:99:in `initialize'
/usr/local/bundle/gems/brakeman-5.0.0/lib/brakeman/parsers/template_parser.rb:93:in `new'
/usr/local/bundle/gems/brakeman-5.0.0/lib/brakeman/parsers/template_parser.rb:93:in `parse_slim'
/usr/local/bundle/gems/brakeman-5.0.0/lib/brakeman/parsers/template_parser.rb:28:in `parse_template'
/usr/local/bundle/gems/brakeman-5.0.0/lib/brakeman/scanner.rb:81:in `block in parse_files'
/usr/local/bundle/gems/brakeman-5.0.0/lib/brakeman/file_parser.rb:27:in `block in read_files'
/usr/local/bundle/gems/brakeman-5.0.0/lib/brakeman/file_parser.rb:24:in `each'
/usr/local/bundle/gems/brakeman-5.0.0/lib/brakeman/file_parser.rb:24:in `read_files'
/usr/local/bundle/gems/brakeman-5.0.0/lib/brakeman/scanner.rb:80:in `parse_files'
/usr/local/bundle/gems/brakeman-5.0.0/lib/brakeman/scanner.rb:49:in `process'
/usr/local/bundle/gems/brakeman-5.0.0/lib/brakeman.rb:379:in `scan'
/usr/local/bundle/gems/brakeman-5.0.0/lib/brakeman.rb:85:in `run'
/usr/local/bundle/gems/brakeman-5.0.0/lib/brakeman/commandline.rb:157:in `run_brakeman'
/usr/local/bundle/gems/brakeman-5.0.0/lib/brakeman/commandline.rb:125:in `regular_report'
/usr/local/bundle/gems/brakeman-5.0.0/lib/brakeman/commandline.rb:166:in `run_report'
/usr/local/bundle/gems/brakeman-5.0.0/lib/brakeman/commandline.rb:35:in `run'
/usr/local/bundle/gems/brakeman-5.0.0/lib/brakeman/commandline.rb:20:in `start'
/usr/local/bundle/gems/brakeman-5.0.0/bin/brakeman:10:in `<top (required)>'
/usr/local/bundle/bin/brakeman:23:in `load'
/usr/local/bundle/bin/brakeman:23:in `<top (required)>'
/usr/local/lib/ruby/site_ruby/2.5.0/bundler/cli/exec.rb:74:in `load'
/usr/local/lib/ruby/site_ruby/2.5.0/bundler/cli/exec.rb:74:in `kernel_load'
/usr/local/lib/ruby/site_ruby/2.5.0/bundler/cli/exec.rb:28:in `run'
/usr/local/lib/ruby/site_ruby/2.5.0/bundler/cli.rb:463:in `exec'
/usr/local/lib/ruby/site_ruby/2.5.0/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/usr/local/lib/ruby/site_ruby/2.5.0/bundler/vendor/thor/lib/thor/invocation.rb:126:in `invoke_command'
/usr/local/lib/ruby/site_ruby/2.5.0/bundler/vendor/thor/lib/thor.rb:387:in `dispatch'
/usr/local/lib/ruby/site_ruby/2.5.0/bundler/cli.rb:27:in `dispatch'
/usr/local/lib/ruby/site_ruby/2.5.0/bundler/vendor/thor/lib/thor/base.rb:466:in `start'
/usr/local/lib/ruby/site_ruby/2.5.0/bundler/cli.rb:18:in `start'
/usr/local/lib/ruby/gems/2.5.0/gems/bundler-1.17.3/exe/bundle:30:in `block in <top (required)>'
/usr/local/lib/ruby/site_ruby/2.5.0/bundler/friendly_errors.rb:124:in `with_friendly_errors'
/usr/local/lib/ruby/gems/2.5.0/gems/bundler-1.17.3/exe/bundle:22:in `<top (required)>'
/usr/local/bin/bundle:23:in `load'
/usr/local/bin/bundle:23:in `<main>'

[presidentbeef]

Hi @jeffgran, thank you for reporting this issue!

How is the plugin loaded in your code? Just a require "slim/smart" somewhere? 🤔

I see this plugin comes with Slim, so it's not a big deal for Brakeman to also enable it. I'm just wondering if it should be conditionally enabled or if it's safe to always enable.

[jeffgran]

Hi Mr. President @presidentbeef

Yes, for us we have it in the gemfile: gem "slim", "~> 3.0.1", require: ["slim", "slim/smart"]

That's a good question. I think it should probably be optional because it does change how slim interprets the template files, so I think you'd only want brakeman to interpret them the smart way if your app also is. Is there a mechanism to make that a config option for brakeman?