Merge pull request #23357 from Fryguy/add_interactive_ignore_brakeman

Add interactive-ignore support through test:security:brakeman

lib/extensions/brakeman_fingerprint_patch.rb

@@ -77,8 +77,6 @@ def fingerprint
   def to_hash(absolute_paths: true)
     super.tap do |h|
       h[:file] = (absolute_paths ? self.file.absolute : file_string)
-      h[:file_rel] = self.file.relative
-      h[:file_abs] = self.file.absolute
     end
   end
 end

lib/tasks/test_security_helper.rb

@@ -4,6 +4,9 @@ class TestSecurityHelper
   class SecurityTestFailed < StandardError; end
 
   def self.brakeman(format: "human")
+    args = ARGV.drop_while { |arg| arg != "--" }.drop(1)
+    interactive_ignore = (args & %w[-I --interactive-ignore]).any?
+
     require "vmdb/plugins"
     require "brakeman"
 
@@ -43,11 +46,18 @@ def self.brakeman(format: "human")
       :report_progress => $stderr.tty?,
       :use_prism       => true,
     }
-    if format == "json"
+    case format
+    when "json"
+      raise ArgumentError, "cannot pass --interactive-ignore with json output" if interactive_ignore
+
       options[:output_files] = [
         Rails.root.join("log/brakeman.json").to_s,
         Rails.root.join("log/brakeman.log").to_s
       ]
+    when "human"
+      options[:interactive_ignore] = true if interactive_ignore
+    else
+      raise ArgumentError, "Unknown format #{format.inspect}"
     end
 
     tracker = Brakeman.run(options)