On 17 February 2014 17:02, Justin Collins <jus...@presidentbeef.com> wrote:

> On 02/17/2014 08:07 AM, Aleksandar Simic wrote:
> > Hello list,
> >
> > my first posting here.
> >
> > I have a question regarding how to parse warnings issued by brakeman.
> >
> > The full scenario is below.
> >
> > Working on this app at the moment:
> >
> > https://github.com/ministryofjustice/accelerated_claims
> >
> > There is this snippet of code in config/initializers/secret_token.rb:
> >
> >
> https://github.com/ministryofjustice/accelerated_claims/blob/498a2c81e17ce83baf9b4063ebd74678110d891d/config/initializers/secret_token.rb#L13-L17
> >
> > Which gives this warning when brakeman is run:
> >
> > https://gist.github.com/dotemacs/9053206
> >
> > Is there a way to ignore/omit this warning in any subsequent brakeman
> > runs, short of grepping out the warning in question?
> >
> > What I'm trying to do is have brakeman set up to run in our CI as a post
> > build task and flag up any warnings should they appear in our code (will
> > use these instructions: http://brakemanscanner.org/docs/jenkins/setup/).
> > But I'd like to avoid issuing any warnings for known issues.
> >
> > Have you dealt with an issue like this and how did you go about it?
> >
> > Thank you for your time,
> > Aleksandar
>
> Hi Aleksandar,
>
> It sounds like what you want is for Jenkins to only fail builds when new
> warnings are introduced. Last I checked, this is not possible[1].
>
> However, it appears it is possible to only send emails regarding
> new/fixed warnings[2] and avoid marking the build as failed.
>
> In case that's not what you meant, you can also create a configuration
> file to ignore certain warnings[3].
>
> Hope that helps.
>
> -Justin
>
> [1]
>
> https://wiki.jenkins-ci.org/display/JENKINS/Static+Code+Analysis+Plug-ins?focusedCommentId=58002244#comment-58002244
>
> [2]
>
> https://wiki.jenkins-ci.org/display/JENKINS/Static+Code+Analysis+Plug-ins?focusedCommentId=58002244#StaticCodeAnalysisPlug-ins-email
>
> [3] brakemanscanner.org/blog/2013/07/17/brakeman-2-dot-1-0-released/


Hello Justin,

thanks for the thorough response.

3. was what I was after.

Since you seem to have integrated this with Jenkins somehow, and taking
into account your answer to 1., what I'm wondering is how you get
warnings for new errors/warnings?

What do you think of this approach:

---- shell script -----
# capture the report (no extension on the output file, so brakeman
# writes its plain-text format)
brakeman -o report

# then parse it for errors
# and create the error exit status manually
# (grep needs the report file as an argument; without it, it would
# read from stdin and the count would be meaningless in CI)

if [ "$(grep -c '+SECURITY WARNINGS+' report)" -gt 0 ];
then
    cat report
    exit 1
fi
---- end of the script ----

I'm guessing that this approach was probably considered. If it was, what
was/is the downside of it?

The script above is just a small example, I'd probably expand on it if I
were to add it to our CI.

Thanks again,
Aleksandar
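An added example (not from the thread and not Brakeman's own code) of the "fail only on new warnings" step that the grep script above is reaching for: compare the warning fingerprints in a Brakeman JSON report against a checked-in baseline and return a non-zero status only when a fingerprint is not in the baseline. It assumes Brakeman's JSON output (brakeman -f json) has a "warnings" array whose entries carry "fingerprint", "warning_type", "file", "line", "message" and "confidence" fields, as the JSON format does to my knowledge; the report and baseline strings below are constructed sample data, and the baseline file layout ("known_fingerprints") is my own, not a Brakeman format.

```ruby
require 'json'

# Constructed sample of a Brakeman JSON report (brakeman -f json).
# Field names follow Brakeman's JSON format as I know it; the values
# are made up for this example and do not come from a real scan.
CURRENT_REPORT = <<~JSON
  {
    "warnings": [
      {
        "warning_type": "Session Setting",
        "fingerprint": "aaaa1111",
        "message": "Session secret should not be included in version control",
        "file": "config/initializers/secret_token.rb",
        "line": 13,
        "confidence": "High"
      },
      {
        "warning_type": "SQL Injection",
        "fingerprint": "bbbb2222",
        "message": "Possible SQL injection",
        "file": "app/models/claim.rb",
        "line": 42,
        "confidence": "Medium"
      }
    ]
  }
JSON

# Constructed baseline of fingerprints already reviewed. In CI this is a
# file committed to the repository (see baseline_from below), not a literal.
# The "known_fingerprints" layout is this example's own, not Brakeman's.
BASELINE = <<~JSON
  { "known_fingerprints": ["aaaa1111"] }
JSON

# Warnings in the report whose fingerprint is not in the baseline.
def new_warnings(report_json, baseline_json)
  known = JSON.parse(baseline_json).fetch('known_fingerprints', [])
  JSON.parse(report_json).fetch('warnings', []).reject do |w|
    known.include?(w['fingerprint'])
  end
end

# One line per warning, the way a CI log should show it.
def format_warning(w)
  "#{w['confidence']}: #{w['warning_type']} in #{w['file']}:#{w['line']} - #{w['message']}"
end

# Build exit status: 1 when anything new appeared, 0 otherwise.
def exit_status(report_json, baseline_json)
  new_warnings(report_json, baseline_json).empty? ? 0 : 1
end

# A baseline that accepts every warning in the current report; commit its
# output once the warnings have been reviewed so later runs stay green.
def baseline_from(report_json)
  fps = JSON.parse(report_json).fetch('warnings', []).map { |w| w['fingerprint'] }
  JSON.generate('known_fingerprints' => fps.uniq.sort)
end

if __FILE__ == $PROGRAM_NAME
  if ARGV.length == 2
    # CI mode: ruby brakeman_new.rb report.json baseline.json
    report, baseline = ARGV.map { |path| File.read(path) }
    new_warnings(report, baseline).each { |w| puts format_warning(w) }
    exit exit_status(report, baseline) # this is what fails the build
  else
    # Demo on the constructed sample: one new warning, status would be 1.
    new_warnings(CURRENT_REPORT, BASELINE).each { |w| puts format_warning(w) }
    puts "exit status would be #{exit_status(CURRENT_REPORT, BASELINE)}"
  end
end
```

In a Jenkins post-build step this replaces the grep: run brakeman -f json -o report.json, then ruby brakeman_new.rb report.json baseline.json, and the build fails only when something not in the baseline shows up. Keying on the fingerprint rather than on file and line matters because, as I understand it, Brakeman's fingerprint is meant to survive a line shift but changes when the flagged code or its file path changes, so an edited warning is correctly reported as new. Brakeman's own ignore file from [3] remains the supported way to mute a specific known warning for every consumer of the scan; this baseline only controls the CI exit status.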
