Thanks Neil, I've gotten it to run now. I'll see if I can get some results.
On Fri, May 11, 2012 at 2:09 PM, Neil Matatall <ne...@twitter.com> wrote:
> Yeah, it will abort if there's no app directory. Adding an empty app dir
> will get you past this, but it won't find anything as it expects a
> rails-like structure.
>
> abort("Please supply the path to a Rails application.") unless app_path
> and File.exist? app_path + "/app"
>
>
> If you move (or symlink) the structure, you should be able to scan.
>
> On Friday, May 11, 2012 at 11:05 AM, Michael McCabe wrote:
>
> Yes, it's giving me that message.
>
> On Fri, May 11, 2012 at 2:01 PM, Neil Matatall <ne...@twitter.com> wrote:
>
> YMMV but I've run brakeman against a sinatra app and it was able to find
> some SQL/command injection, but the results are likely far from complete.
> You can always specify which tests to run via the -t (or conversely -x)
> with a list of test names to include or exclude. If it's just a straight
> API application, brakeman doesn't need to trace any paths, so the
> controller level tests may suffice (assuming you still follow the
> app/controllers convention).
>
> Are you getting the "please supply a path to a rails app" message?
>
> Neil Matatall
> @nilematotle
> 714-488-8893
>
> On Friday, May 11, 2012 at 10:55 AM, Michael McCabe wrote:
>
>
> We have an app that we would like to test with Brakeman but it's not a
> full Rails app only an API written in Ruby. Is there a way to force
> Brakeman to scan the app and maybe only run certain tests?
>
> Thanks.
>
>
>
>
>
