Re: [brakeman] Brakeman Testing of Non-Rails App
Thanks Neil, I've gotten it to run now. I'll see if I can get some results.
On Fri, May 11, 2012 at 2:09 PM, Neil Matatall wrote:
> Yeah, it will abort if there's no app directory. Adding an empty app dir
> will get you past this, but it won't find anything as it expects a
> rails-like structure.
>
> abort("Please supply the path to a Rails application.") unless app_path
> and File.exist? app_path + "/app"
>
>
> If you move (or symlink) the structure, you should be able to scan.
Re: [brakeman] Brakeman Testing of Non-Rails App
Yeah, it will abort if there's no app directory. Adding an empty app dir will
get you past this, but it won't find anything as it expects a rails-like
structure.
> abort("Please supply the path to a Rails application.") unless app_path and
> File.exist? app_path + "/app"
If you move (or symlink) the structure, you should be able to scan.
On Friday, May 11, 2012 at 11:05 AM, Michael McCabe wrote:
> Yes, it's giving me that message.
Re: [brakeman] Brakeman Testing of Non-Rails App
Yes, it's giving me that message.
On Fri, May 11, 2012 at 2:01 PM, Neil Matatall wrote:
> YMMV but I've run brakeman against a sinatra app and it was able to find
> some SQL/command injection, but the results are likely far from complete.
> You can always specify which tests to run via the -t (or conversely -x)
> with a list of test names to include or exclude. If it's just a straight
> API application, brakeman doesn't need to trace any paths, so the
> controller level tests may suffice (assuming you still follow the
> app/controllers convention).
>
> Are you getting the "please supply a path to a rails app" message?
>
> Neil Matatall
> @nilematotle
> 714-488-8893
Re: [brakeman] Brakeman Testing of Non-Rails App
YMMV but I've run brakeman against a sinatra app and it was able to find some SQL/command injection, but the results are likely far from complete. You can always specify which tests to run via the -t (or conversely -x) with a list of test names to include or exclude. If it's just a straight API application, brakeman doesn't need to trace any paths, so the controller level tests may suffice (assuming you still follow the app/controllers convention).

Are you getting the "please supply a path to a rails app" message?

Neil Matatall
@nilematotle
714-488-8893

On Friday, May 11, 2012 at 10:55 AM, Michael McCabe wrote:
> We have an app that we would like to test with Brakeman but it's not a full
> Rails app only an API written in Ruby. Is there a way to force Brakeman to
> scan the app and maybe only run certain tests?
>
> Thanks.
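Neil's two suggestions, the symlinked rails-like structure and the -t check selection, as an added Ruby example that is not code from the thread or from Brakeman itself: it re-implements the quoted startup check, builds a shadow directory whose app/controllers links to the API's handler directory, and assembles the brakeman command line. The check names CheckSQL and CheckExecute and the lib/ handler directory are assumptions, not something the thread names.

```ruby
# Added example (not from the thread or from Brakeman): make a plain Ruby
# API look Rails-like enough for Brakeman's startup check, then restrict
# the run to the checks that matter for an API.
require "fileutils"
require "tmpdir"

# Mirror the startup check quoted in the thread:
#   abort(...) unless app_path and File.exist? app_path + "/app"
def rails_like?(app_path)
  !app_path.nil? && File.exist?(File.join(app_path, "app"))
end

# Create <scan_root>/app/controllers as a symlink to the directory that
# holds the API's request handlers (assumed here to be lib/), so the
# controller-level checks have files to look at. Returns the scan root.
def build_shadow_app(api_root, handlers_dir, scan_root)
  FileUtils.mkdir_p(File.join(scan_root, "app"))
  link = File.join(scan_root, "app", "controllers")
  target = File.expand_path(handlers_dir, api_root)
  FileUtils.rm_f(link) # idempotent: replace a stale link from an earlier run
  File.symlink(target, link)
  scan_root
end

# brakeman -t <checks> limits the run to the named checks (-x excludes).
# CheckSQL and CheckExecute are Brakeman's SQL and command injection
# checks; the names are assumed here, the thread does not list them.
def brakeman_argv(scan_root, checks = %w[CheckSQL CheckExecute])
  ["brakeman", "-t", checks.join(","), scan_root]
end

# Constructed demo: a fake API with one handler file under lib/.
def demo
  Dir.mktmpdir do |tmp|
    api_root = File.join(tmp, "api")
    FileUtils.mkdir_p(File.join(api_root, "lib"))
    File.write(File.join(api_root, "lib", "users.rb"), "# handler\n")
    before = rails_like?(api_root)
    scan_root = build_shadow_app(api_root, "lib", File.join(tmp, "scan"))
    {
      before: before,                 # false: no app/ dir, brakeman would abort
      after: rails_like?(scan_root),  # true: shadow structure passes the check
      linked: File.exist?(File.join(scan_root, "app", "controllers", "users.rb")),
      argv: brakeman_argv(scan_root)[0..2]
    }
  end
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```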
[brakeman] Brakeman Testing of Non-Rails App
We have an app that we would like to test with Brakeman but it's not a full Rails app only an API written in Ruby. Is there a way to force Brakeman to scan the app and maybe only run certain tests? Thanks.
