
How can I set up Brakeman to always run when my Rails tests are run?


I'm using MiniTest with Rails 5. When I run the following command, I want Brakeman to scan my application before tests run:

bundle exec rake test

Solution

  • Following the example with Rubocop here, I added the following task to lib/tasks/test.rake:

    # Add additional test suite definitions to the default test task here
    namespace :test do
      desc 'Runs Brakeman'
      # based on https://brakemanscanner.org/docs/rake/
      task :brakeman, :output_files do |_task, args|
        # To abort the test run on warnings or errors, set to true.
        # A local variable avoids the "already initialized constant" warning
        # that reassigning a constant inside the block would produce if the
        # task is invoked more than once in the same process.
        exit_on_fail = false

        require 'brakeman'

        # Optional space-separated list of report paths, e.g.
        #   bundle exec rake "test:brakeman[tmp/brakeman.json tmp/brakeman.html]"
        files = args[:output_files].split(' ') if args[:output_files]

        # For more options, see source here:
        # https://github.com/presidentbeef/brakeman/blob/master/lib/brakeman.rb#L30
        options = {
          app_path: '.',
          exit_on_error: exit_on_fail,
          exit_on_warn: exit_on_fail,
          output_files: files,
          print_report: true,
          pager: false,
          summary_only: true
        }

        tracker = Brakeman.run options
        failures = tracker.filtered_warnings + tracker.errors

        # Brakeman.run returns the tracker instead of exiting, so mirror the
        # CLI's exit-code behaviour here. Based on code here:
        # https://github.com/presidentbeef/brakeman/blob/f2376c/lib/brakeman/commandline.rb#L120
        if exit_on_fail && failures.any?
          puts 'Brakeman violations found. Aborting now...'
          exit Brakeman::Warnings_Found_Exit_Code unless tracker.filtered_warnings.empty?
          exit Brakeman::Errors_Found_Exit_Code if tracker.errors.any?
        end
      end
    end

    # Make the Brakeman scan a prerequisite of the default test task so it
    # runs before the tests on `bundle exec rake test`.
    Rake::Task[:test].enhance ['test:brakeman']
    

    It can also be run as a rake task:

    bundle exec rake test:brakeman