Merge pull request #23325 from Fryguy/brakeman_engine_gemfile_lock

Fix issue where brakeman does not detect lockfile correctly from engines
ManageIQ · Feb 4, 2025 · 9bd969e · 9bd969e
2 parents 939322c + 59e680a
commit 9bd969e
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/lib/tasks/test_security_helper.rb b/lib/tasks/test_security_helper.rb
@@ -24,6 +24,14 @@ def self.brakeman(format: "human")
     puts "**   engines:"
     puts "**   - #{engine_paths.join("\n**   - ")}"
 
+    # Brakeman's Gemfile detection does not work properly with engines
+    #   Brakeman detects the Gemfile.lock from the application root directory,
+    #   however when running from an engine the lockfile is in the engine
+    #   directory. So, we copy the Gemfile.lock into the application directory.
+    if defined?(ENGINE_ROOT)
+      FileUtils.cp(File.join(ENGINE_ROOT, "Gemfile.lock"), File.join(app_path, "Gemfile.lock"))
+    end
+
     # See all possible options here:
     #   https://brakemanscanner.org/docs/brakeman_as_a_library/#using-options
     options = {