brakeman still references haml 4 - which is a bit long in the tooth (Haml::Filter::Coffee class vs. module) #1841

Open
kwerle opened this issue Apr 30, 2024 · 0 comments

kwerle commented Apr 30, 2024

In short, brakeman declares Haml::Filter::Coffee to be a module and haml declares it to be a class.

Background

Brakeman version:

$ brakeman --version
brakeman 6.1.2

Rails version:

$ rails --version
Rails 7.0.8.1

Ruby version:

$ ruby --version
ruby 3.3.0 (2023-12-25 revision 5124f9ac75) +YJIT [aarch64-linux]

Link to Rails application code: Private

Issue

Error: Coffee is not a module /.../.ruby/gems/haml-6.3.0/lib/haml/filters/coffee.rb:4: previous definition of Coffee was here While processing /.../....html.haml
Location: /.../.ruby/gems/brakeman-min-6.1.2/lib/brakeman/parsers/haml_embedded.rb:29:in `<main>'

HAML says:

$ cat /.../.ruby/gems/haml-6.3.0/lib/haml/filters/coffee.rb
# frozen_string_literal: true
module Haml
  class Filters
    class Coffee < TiltBase
      def compile(node)
        require 'tilt/coffee' if explicit_require?('coffee')
        temple = [:multi]
        temple << [:static, "<script>\n"]
        temple << compile_with_tilt(node, 'coffee', indent_width: 2)
        temple << [:static, "</script>"]
        temple
      end
    end

    CoffeeScript = Coffee
  end
end

Brakeman says:

$ cat /.../.ruby/gems/brakeman-min-6.1.2/lib/brakeman/parsers/haml_embedded.rb
module Brakeman
  module FakeHamlFilter
    # Copied from Haml 4 - force delayed compilation
    def compile(compiler, text)
      filter = self
      compiler.instance_eval do
        text = unescape_interpolation(text).gsub(/(\\+)n/) do |s|
          escapes = $1.size
          next s if escapes % 2 == 0
          ("\\" * (escapes - 1)) + "\n"
        end
        # We need to add a newline at the beginning to get the
        # filter lines to line up (since the Haml filter contains
        # a line that doesn't show up in the source, namely the
        # filter name). Then we need to escape the trailing
        # newline so that the whole filter block doesn't take up
        # too many.
        text = "\n" + text.sub(/\n"\Z/, "\\n\"")
        push_script <<RUBY.rstrip, :escape_html => false
find_and_preserve(#{filter.inspect}.render_with_options(#{text}, _hamlout.options))
RUBY
        return
      end
    end
  end
end

# Fake CoffeeScript filter for Haml
module Haml::Filters::Coffee
  include Haml::Filters::Base
  extend Brakeman::FakeHamlFilter
end

# Fake Markdown filter for Haml
module Haml::Filters::Markdown
  include Haml::Filters::Base
  extend Brakeman::FakeHamlFilter
end

# Fake Sass filter for Haml
module Haml::Filters::Sass
  include Haml::Filters::Base
  extend Brakeman::FakeHamlFilter
end

Other Error

Run Brakeman with --debug to see the full stack trace.

Stack trace:

?
kwerle added a commit to kwerle/brakeman that referenced this issue Apr 30, 2024
brakeman still references haml 4 - which is a bit long in the tooth (Haml::Filter::Coffee class vs. module) presidentbeef#1841
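
The conflict reported in this issue, reproduced as an added example (not code from Brakeman, Haml, or the issue author). `DemoHaml`, `DemoFakeFilter`, `reopen_as_module` and `install_fake_filter` are constructed stand-ins, and the guard is one hypothetical way to avoid the collision, not Brakeman's actual fix.

```ruby
# Constructed stand-in for the Haml 6 layout quoted above:
# Filters and Coffee are both classes.
module DemoHaml
  class Filters
    class TiltBase; end
    class Coffee < TiltBase; end
  end
end

# Constructed stand-in for the mixin a Haml 4 style shim extends itself with.
module DemoFakeFilter
  def compile(_compiler, text)
    "delayed:#{text}"
  end
end

# Reopen a constant with the `module` keyword, as the shim does.
# Ruby raises TypeError when the constant already names a Class.
# `path` is a fixed literal in this demo; never eval untrusted strings.
def reopen_as_module(path)
  eval("module #{path}; end", TOPLEVEL_BINDING)
  :ok
rescue TypeError => e
  e.message
end

# Hypothetical guard: only create the Haml 4 style module when the name is
# free or already a module; leave a class-based filter untouched.
def install_fake_filter(namespace, name, mixin)
  unless namespace.const_defined?(name, false)
    namespace.const_set(name, Module.new { extend mixin })
    return :defined_module
  end
  existing = namespace.const_get(name, false)
  return :skipped_class if existing.is_a?(Class)
  existing.extend(mixin)
  :extended_module
end

puts reopen_as_module("DemoHaml::Filters::Coffee")
puts install_fake_filter(DemoHaml::Filters, :Coffee, DemoFakeFilter)
```

The first call prints the same "Coffee is not a module" TypeError shown in the report; the second shows the guard leaving the class-based filter alone.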