Support non-standard gemfile naming for dual booting Rails apps

Open eliotsykes opened this issue 1 year ago • 1 comments

Brakeman version: 6.1.2

Is your feature request related to a problem? Please describe.

In a CI environment, for a dual booting Rails app (e.g. Gemfile = Rails 6.1, Gemfile.next = Rails 7), to get brakeman to use a gemfile not named Gemfile(.lock), I shuffle files around so brakeman uses the correct gemfile. E.g. for a gemfile named Gemfile.next:

# This command does *not* work as intended, Gemfile.next is ignored,
# brakeman uses Gemfile in the scan:
BUNDLE_GEMFILE=Gemfile.next bundle exec brakeman

# This does work:
rm Gemfile Gemfile.lock
cp Gemfile.next Gemfile
cp Gemfile.next.lock Gemfile.lock
bundle exec brakeman

Describe the solution you'd like

This command would work as expected, where ENV['BUNDLE_GEMFILE']/Gemfile.next(.lock) is used by Brakeman::Scanner#process_gems, instead of the hardcoded Gemfile(.lock)

BUNDLE_GEMFILE=Gemfile.next bundle exec brakeman

Describe alternatives you've considered

Shuffling gemfiles around works:

rm Gemfile Gemfile.lock
cp Gemfile.next Gemfile
cp Gemfile.next.lock Gemfile.lock
bundle exec brakeman

eliotsykes, Apr 25 '24 12:04

Sure, that seems reasonable.

presidentbeef, May 20 '24 02:05
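
The lookup this request describes, sketched as an added example (not code from the issue or from Brakeman): resolve_gem_files is a hypothetical helper that honours BUNDLE_GEMFILE and pairs it with the lockfile name Bundler would use. It assumes a scan should fail rather than fall back when the variable points at a missing file, since reading the default Gemfile would check the other Rails version's dependencies.

```ruby
require "pathname"
require "tmpdir"

# Hypothetical helper, not Brakeman's API: pick the gemfile and lockfile a
# scan should read, honouring BUNDLE_GEMFILE before the default names.
def resolve_gem_files(app_root, env = ENV)
  root = Pathname.new(app_root).expand_path
  requested = env["BUNDLE_GEMFILE"].to_s

  gemfile =
    if requested.empty?
      [root.join("Gemfile"), root.join("gems.rb")].find(&:file?)
    else
      path = Pathname.new(requested).expand_path(root.to_s)
      # Fail loudly: falling back to Gemfile would scan the wrong dependency set.
      raise ArgumentError, "BUNDLE_GEMFILE not found: #{path}" unless path.file?
      path
    end
  return { gemfile: nil, lockfile: nil } unless gemfile

  # Bundler's naming rule: gems.rb pairs with gems.locked; any other name
  # pairs with "<name>.lock", so Gemfile.next pairs with Gemfile.next.lock.
  lockfile =
    if gemfile.basename.to_s == "gems.rb"
      gemfile.sub_ext(".locked")
    else
      Pathname.new("#{gemfile}.lock")
    end
  { gemfile: gemfile, lockfile: (lockfile if lockfile.file?) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample app laid out like the dual-boot setup in the issue.
  Dir.mktmpdir do |dir|
    %w[Gemfile Gemfile.lock Gemfile.next Gemfile.next.lock].each do |name|
      File.write(File.join(dir, name), "")
    end
    p resolve_gem_files(dir, {})
    p resolve_gem_files(dir, { "BUNDLE_GEMFILE" => "Gemfile.next" })
  end
end
```

A nil lockfile in the result means the dependency versions cannot be read for that gemfile, which is worth surfacing in CI instead of reporting a clean scan.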