Thanks Neil, I've gotten it to run now. I'll see if I can get some results.
On Fri, May 11, 2012 at 2:09 PM, Neil Matatall <ne...@twitter.com> wrote:
> Yeah, it will abort if there's no app directory. Adding an empty app dir will get you past this, but it won't find anything as it expects a rails-like structure.
>
> abort("Please supply the path to a Rails application.") unless app_path and File.exist? app_path + "/app"
>
> If you move (or symlink) the structure, you should be able to scan.
>
> On Friday, May 11, 2012 at 11:05 AM, Michael McCabe wrote:
>
> Yes, it's giving me that message.
>
> On Fri, May 11, 2012 at 2:01 PM, Neil Matatall <ne...@twitter.com> wrote:
>
> YMMV but I've run Brakeman against a Sinatra app and it was able to find some SQL/command injection, but the results are likely far from complete. You can always specify which tests to run via the -t (or conversely -x) with a list of test names to include or exclude. If it's just a straight API application, Brakeman doesn't need to trace any paths, so the controller level tests may suffice (assuming you still follow the app/controllers convention).
>
> Are you getting the "please supply a path to a rails app" message?
>
> Neil Matatall
> @nilematotle
> 714-488-8893
>
> On Friday, May 11, 2012 at 10:55 AM, Michael McCabe wrote:
>
> We have an app that we would like to test with Brakeman, but it's not a full Rails app, only an API written in Ruby. Is there a way to force Brakeman to scan the app and maybe only run certain tests?
>
> Thanks.