presidentbeef / brakeman

A static analysis security vulnerability scanner for Ruby on Rails applications
https://brakemanscanner.org/

brakeman 6.2.1 ships binaries that are linked against ruby 3.1.0 #1869

Open kirillrdy opened 2 weeks ago

kirillrdy commented 2 weeks ago

Background

Brakeman version: ? 6.2.1

Rails version: ?

Ruby version: ? 3.3.4

Link to Rails application code: ?

Issue

What problem are you seeing?

I am using ruby 3.3.4 but brakeman ships with binaries that were linked against ruby 3.1

error: auto-patchelf could not satisfy dependency libruby.so.3.1 wanted by /nix/store/wnhsnqh5r6kw0x7l12ccyak7q662nmkd-wrapped-ruby-for-hl-web-3.3.4-dev/ruby/3.3.0/gems/brakeman-6.2.1/bundle/ruby/3.1.0/gems/strscan-3.1.0/lib/strscan.so
error: auto-patchelf could not satisfy dependency libruby.so.3.1 wanted by /nix/store/wnhsnqh5r6kw0x7l12ccyak7q662nmkd-wrapped-ruby-for-hl-web-3.3.4-dev/ruby/3.3.0/gems/brakeman-6.2.1/bundle/ruby/3.1.0/gems/strscan-3.1.0/ext/strscan/strscan.so
error: auto-patchelf could not satisfy dependency libruby.so.3.1 wanted by /nix/store/wnhsnqh5r6kw0x7l12ccyak7q662nmkd-wrapped-ruby-for-hl-web-3.3.4-dev/ruby/3.3.0/gems/brakeman-6.2.1/bundle/ruby/3.1.0/gems/io-console-0.7.2/lib/io/console.so
error: auto-patchelf could not satisfy dependency libruby.so.3.1 wanted by /nix/store/wnhsnqh5r6kw0x7l12ccyak7q662nmkd-wrapped-ruby-for-hl-web-3.3.4-dev/ruby/3.3.0/gems/brakeman-6.2.1/bundle/ruby/3.1.0/gems/io-console-0.7.2/ext/io/console/console.so

Other Error

Run Brakeman with --debug to see the full stack trace.

Stack trace:

?

dima4p commented 4 days ago

/usr/local/rvm/rubies/ruby-3.3.5/lib/ruby/3.3.0/bundled_gems.rb:75:in 'require': libruby.so.3.1: cannot open shared object file: No such file or directory - /usr/local/rvm/gems/ruby-3.3.5@tv/gems/brakeman-6.2.1/bundle/ruby/3.1.0/gems/io-console-0.7.2/lib/io/console.so (LoadError)

Ruby 3.3.5
Rails 7.2.1
command: bundle exec rails console

presidentbeef commented 3 days ago

Hey @kirillrdy - sorry I missed your original message.

Two short-term options:

The conversion of standard libraries to gems is killing me 😞

dima4p commented 3 days ago
  • gem 'brakeman', require: false

Thanks, adding gem 'brakeman', require: false fixes the problem, but adding gem 'guard-brakeman' returns it.
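
The condition reported in this thread (native extensions vendored under `bundle/ruby/3.1.0` inside a gem installed on Ruby 3.3) can be checked before the gem is loaded. The script below is an added example, not part of the issue or of Brakeman's code: it walks an unpacked gem directory and reports native extensions built for a different Ruby minor version, using a byte search for the libruby soname as a heuristic rather than parsing the ELF dynamic section. The function names and the sample tree are constructed for illustration.

```ruby
require 'rbconfig'
require 'tmpdir'
require 'fileutils'

NATIVE_EXT = %w[.so .bundle .dll].freeze

# Return native extensions under gem_root that were built for a Ruby
# major.minor other than ruby_version (defaults to the running interpreter).
def foreign_native_extensions(gem_root, ruby_version = RbConfig::CONFIG['ruby_version'])
  want = ruby_version[/\A\d+\.\d+/]
  Dir.glob('**/*', base: gem_root).sort.filter_map do |rel|
    full = File.join(gem_root, rel)
    next unless File.file?(full) && NATIVE_EXT.include?(File.extname(rel))
    # Heuristic: find the soname string (e.g. libruby.so.3.1) in the raw bytes.
    linked = File.binread(full)[/libruby\.so\.(\d+\.\d+)/, 1]
    # Fallback: the ABI directory the file was vendored under (bundle/ruby/<abi>/).
    abi_dir = rel[%r{(?:\A|/)bundle/ruby/(\d+\.\d+)\.\d+/}, 1]
    found = linked || abi_dir
    next if found.nil? || found == want
    { path: rel, built_for: found, running: want }
  end
end

# Constructed sample tree: two vendored paths taken from the error output
# above, plus two made-up files that must not be reported on Ruby 3.3.
def build_sample_tree(root)
  files = {
    'bundle/ruby/3.1.0/gems/strscan-3.1.0/lib/strscan.so' => "\x7FELF\x00libruby.so.3.1\x00",
    'bundle/ruby/3.1.0/gems/io-console-0.7.2/lib/io/console.so' => "\x7FELF\x00libruby.so.3.1\x00",
    'lib/sample.rb' => "# pure Ruby, ignored\n",
    'ext/native/ok.so' => "\x7FELF\x00libruby.so.3.3\x00"
  }
  files.each do |rel, bytes|
    full = File.join(root, rel)
    FileUtils.mkdir_p(File.dirname(full))
    File.binwrite(full, bytes)
  end
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir do |root|
    build_sample_tree(root)
    foreign_native_extensions(root, '3.3.0').each do |hit|
      puts "#{hit[:path]}: built for Ruby #{hit[:built_for]}, running #{hit[:running]}"
    end
  end
end
```

Run against a real install by passing the gem's directory as `gem_root`; any hit is a prebuilt binary the current interpreter cannot load.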