Address false warnings raised for known renderable classes specified with fully qualified paths #1838
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We noticed some instances of Brakeman raising warnings in our application when there wasn't a clear issue. Demonstrating them here instead of in an issue so that I can show failing specs and help tackle the root cause. (Happy to open an issue as well, but failing specs I think are clearer than any written explanation of the situation).
About our app:
it's quite old and large (Brakeman reports finding 1216 controllers and 1865 models). We use CBRA to help manage it, with lots of organized modules / components. It's usual for our developers to specify a fully-qualified path (
::MyViewComponent
vsMyViewComponent
) due to our unique architecture. In this case, the fully-qualified path specifications were causing Brakeman to raise warnings while rendering ViewComponents across the app.Will start working on a fix; definitely open to questions/opinions on the best way to tackle this.