From 59e680af259433ba97ae5d88b5e6118c54625a0f Mon Sep 17 00:00:00 2001
From: Jason Frey
Date: Tue, 4 Feb 2025 14:34:35 -0500
Subject: [PATCH] Fix issue where brakeman does not detect lockfile correctly from engines
---
 lib/tasks/test_security_helper.rb | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/lib/tasks/test_security_helper.rb b/lib/tasks/test_security_helper.rb
index 34c2902d369..8760f7a94c6 100644
--- a/lib/tasks/test_security_helper.rb
+++ b/lib/tasks/test_security_helper.rb
@@ -24,6 +24,14 @@ def self.brakeman(format: "human")
 puts "** engines:"
 puts "** - #{engine_paths.join("\n** - ")}"
 
+ # Brakeman's Gemfile detection does not work properly with engines
+ # Brakeman detects the Gemfile.lock from the application root directory,
+ # however when running from an engine the lockfile is in the engine
+ # directory. So, we copy the Gemfile.lock into the application directory.
+ if defined?(ENGINE_ROOT)
+ FileUtils.cp(File.join(ENGINE_ROOT, "Gemfile.lock"), File.join(app_path, "Gemfile.lock"))
+ end
+
 # See all possible options here:
 # https://brakemanscanner.org/docs/brakeman_as_a_library/#using-options
 options = {
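Review bot: The `FileUtils.cp` on the added line silently overwrites any `Gemfile.lock` already present in `app_path` and leaves the engine's copy behind once the scan finishes, so the checkout is modified as a side effect and a later `bundle` run in that directory would resolve against the engine's lockfile instead of its own. Since the rest of `self.brakeman` lies outside the hunk, the safer shape is to record whether a lockfile was already there (`had_lockfile = File.exist?(File.join(app_path, "Gemfile.lock"))`), keep a backup of it before copying, and restore or delete the copied file in an `ensure` at the end of the method. `FileUtils` is not required anywhere visible in the hunk; if the file does not already `require "fileutils"`, that should be added at the top. A short comment such as `# Temporary: the copied lockfile is only needed for this scan` would make the intent clear to the next reader.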