If Rails version is in Gemfile, use it

and process Gemfile before config, because config location depends on Rails version. Fixes #398

If Rails version is in Gemfile, use it
and process Gemfile before config, because config location depends on Rails version. Fixes #398
66fb4de1 · Justin Collins · c3525e80 · 66fb4de1 · 66fb4de1 · 66fb4de1
3 changed file
--- a/lib/brakeman/processors/gem_processor.rb
+++ b/lib/brakeman/processors/gem_processor.rb
@@ -19,6 +19,11 @@ class Brakeman::GemProcessor < Brakeman::BaseProcessor
      @tracker.config[:rails_version] = $1
    end

+    if @tracker.config[:rails_version] =~ /^(3|4)\./ and not @tracker.options[:rails3]
+      @tracker.options[:rails3] = true
+      Brakeman.notify "[Notice] Detected Rails #$1 application"
+    end
+
    if @tracker.config[:gems][:rails_xss]
      @tracker.config[:escape_html] = true


--- a/lib/brakeman/scanner.rb
+++ b/lib/brakeman/scanner.rb
@@ -47,10 +47,10 @@ class Brakeman::Scanner

  #Process everything in the Rails application
  def process
-    Brakeman.notify "Processing configuration..."
-    process_config
    Brakeman.notify "Processing gems..."
    process_gems
+    Brakeman.notify "Processing configuration..."
+    process_config
    Brakeman.notify "Processing initializers..."
    process_initializers
    Brakeman.notify "Processing libs..."

--- a/test/apps/rails4_with_engines/script/.keep
+++ b/test/apps/rails4_with_engines/script/.keep