Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support non-standard gemfile naming for dual booting Rails apps #1840

Open
eliotsykes opened this issue Apr 25, 2024 · 1 comment
Open

Support non-standard gemfile naming for dual booting Rails apps #1840

eliotsykes opened this issue Apr 25, 2024 · 1 comment

Comments

@eliotsykes
Copy link

eliotsykes commented Apr 25, 2024

Brakeman version: 6.1.2

Is your feature request related to a problem? Please describe.
In a CI environment, for a dual booting Rails app (e.g. Gemfile = Rails 6.1, Gemfile.next = Rails 7), to get brakeman to use a gemfile not named Gemfile(.lock), I shuffle files around so brakeman uses the correct gemfile. E.g. for a gemfile named Gemfile.next:

# This command does *not* work as intended, Gemfile.next is ignored,
# brakeman uses Gemfile in the scan:
BUNDLE_GEMFILE=Gemfile.next bundle exec brakeman

# This does work:
rm Gemfile Gemfile.lock
cp Gemfile.next Gemfile
cp Gemfile.next.lock Gemfile.lock
bundle exec brakeman

Describe the solution you'd like
This command would work as expected, where ENV['BUNDLE_GEMFILE']/Gemfile.next(.lock) is used by Brakeman::Scanner#process_gems, instead of the hardcoded Gemfile(.lock)

BUNDLE_GEMFILE=Gemfile.next bundle exec brakeman

Describe alternatives you've considered
Shuffling gemfiles around works:

rm Gemfile Gemfile.lock
cp Gemfile.next Gemfile
cp Gemfile.next.lock Gemfile.lock
bundle exec brakeman
@presidentbeef
Copy link
Owner

Sure, that seems reasonable.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants