Documentation

Brakeman Pro Engine Test Integration

Once the Brakeman Pro Engine is added to your application’s Gemfile as a dependency, it can integrate directly into your tests. This is a convenient way to run Brakeman Pro against your code base on every test run.

The test integration will run Brakeman Pro in a separate process to avoid contaminating the application tests with Brakeman dependencies.

Contact us if you have any questions about advanced configurations for Brakeman Pro scans inside tests.

Minitest

Brakeman Pro has three assertions for use with Minitest:

  • assert_no_brakeman_warnings
  • assert_no_high_brakeman_warnings
  • assert_brakeman_warnings

The assert_brakeman_warnings method tests for specific numbers of warnings at each confidence level (high, medium, weak, info).

Any assertion can accept a hash of options to control the scan for advanced configurations.

Failures will print out all warnings found.

Example uses:

    require "minitest/autorun"  # or your application's test_helper
    require "brakeman/test/minitest"

    class TestBrakemanWarnings < Minitest::Test
      parallelize_me!  # Run Brakeman in parallel to avoid slowing down the test suite

      # Assert zero Brakeman warnings
      def test_no_brakeman_warnings
        assert_no_brakeman_warnings
      end

      # Or assert zero high confidence Brakeman warnings
      def test_no_high_brakeman_warnings
        assert_no_high_brakeman_warnings
      end

      # Or specify the expected number of warnings per confidence level
      def test_num_brakeman_warnings
        assert_brakeman_warnings high: 77, medium: 20, weak: 4, info: 17
      end
    end

RSpec

Brakeman Pro has three matchers for use with RSpec:

  • have_no_warnings
  • have_no_high_warnings
  • have_warnings

The have_warnings matcher tests for specific numbers of warnings at each confidence level. The call to Brakeman::Test.run can accept a hash of options to control the scan for advanced configurations.

Failures will print out all Brakeman warnings found.

Example uses:

    require "brakeman/test/rspec"

    describe Brakeman do
      # Assert zero Brakeman warnings
      it "reports zero warnings" do
        expect(Brakeman::Test.run).to have_no_warnings
      end

      # Assert zero high confidence Brakeman warnings
      it "reports zero high confidence warnings" do
        expect(Brakeman::Test.run).to have_no_high_warnings
      end

      # Or specify the expected number of warnings per confidence level
      it "reports the expected warnings" do
        expect(Brakeman::Test.run).to have_warnings high: 13, medium: 5, weak: 0, info: 14
      end
    end

Custom

For custom checks, call Brakeman::Test.run directly. Options may be passed in for advanced configuration.

The resulting Brakeman::Test::Result object has the following methods:

  • warnings returns a hash of warnings keyed by confidence
  • has_zero_warnings? returns true when the scan produced no warnings
  • has_zero_high_warnings? returns true when the scan produced no high confidence warnings
  • to_text_format renders the warnings as text

Our test API is brand new, so please contact us if you have questions or suggestions.