Merge pull request #1858 from presidentbeef/use_prism

Add optional use of Prism parser

lib/brakeman/file_parser.rb

@@ -7,7 +7,18 @@ module Brakeman
   class FileParser
     attr_reader :file_list, :errors
 
-    def initialize app_tree, timeout, parallel = true
+    def initialize app_tree, timeout, parallel = true, use_prism = false
+      @use_prism = use_prism
+
+      if @use_prism
+        begin
+          require 'prism'
+        rescue LoadError => e
+          Brakeman.debug "Asked to use Prism, but failed to load: #{e}"
+          @use_prism = false
+        end
+      end
+
       @app_tree = app_tree
       @timeout = timeout
       @file_list = []
@@ -73,8 +84,29 @@ def parse_ruby input, path
         path = path.relative
       end
 
+      Brakeman.debug "Parsing #{path}"
+
+      if @use_prism
+        begin
+          parse_with_prism input, path
+        rescue => e
+          Brakeman.debug "Prism failed to parse #{path}: #{e}"
+
+          parse_with_ruby_parser input, path
+        end
+      else
+        parse_with_ruby_parser input, path
+      end
+    end
+
+    private
+
+    def parse_with_prism input, path
+      Prism::Translation::RubyParser.parse(input, path)
+    end
+
+    def parse_with_ruby_parser input, path
       begin
-        Brakeman.debug "Parsing #{path}"
         RubyParser.new.parse input, path, @timeout
       rescue Racc::ParseError => e
         raise e.exception(e.message + "\nCould not parse #{path}")

lib/brakeman/options.rb

@@ -159,6 +159,23 @@ def create_option_parser options
           options[:parser_timeout] = timeout
         end
 
+        opts.on "--[no-]prism", "Use the Prism parser" do |use_prism|
+          if use_prism
+            prism_version = '0.30'
+
+            begin
+              # Specifying minimum version here,
+              # since it can't be in the gem dependency list because it is optional
+              gem 'prism', "~>#{prism_version}"
+            rescue Gem::MissingSpecVersionError, Gem::MissingSpecError, Gem::LoadError => e
+              $stderr.puts "Please install `prism` version #{prism_version} or newer:"
+              raise e
+            end
+          end
+
+          options[:use_prism] = use_prism
+        end
+
         opts.on "-r", "--report-direct", "Only report direct use of untrusted data" do |option|
           options[:check_arguments] = !option
         end

lib/brakeman/scanner.rb

@@ -125,7 +125,7 @@ def process
   end
 
   def parse_files
-    fp = Brakeman::FileParser.new(tracker.app_tree, tracker.options[:parser_timeout], tracker.options[:parallel_checks])
+    fp = Brakeman::FileParser.new(tracker.app_tree, tracker.options[:parser_timeout], tracker.options[:parallel_checks], tracker.options[:use_prism])
 
     fp.parse_files tracker.app_tree.ruby_file_paths
 
@@ -414,7 +414,7 @@ def index_call_sites
   end
 
   def parse_ruby_file file
-    fp = Brakeman::FileParser.new(tracker.app_tree, tracker.options[:parser_timeout])
+    fp = Brakeman::FileParser.new(tracker.app_tree, tracker.options[:parser_timeout], false, tracker.options[:use_prism])
     fp.parse_ruby(file.read, file)
   rescue Exception => e
     tracker.error(e)

test/tests/options.rb

@@ -31,7 +31,7 @@ class BrakemanOptionsTest < Minitest::Test
     :ensure_latest          => "--ensure-latest",
     :allow_check_paths_in_config => "--allow-check-paths-in-config",
     :pager                  => "--pager",
-    :show_timing                 => "--timing",
+    :show_timing            => "--timing",
   }
 
   ALT_OPTION_INPUTS = {
@@ -366,6 +366,24 @@ def test_text_report_fields
     end
   end
 
+  def test_use_prism
+    begin
+      # If prism is installed, test that everything is fine
+
+      gem('prism', '~>0.30')
+      options = setup_options_from_input('--prism')
+      assert options[:use_prism]
+    rescue Gem::MissingSpecVersionError, Gem::MissingSpecError, Gem::LoadError
+      # Otherwise, test the error message and exception
+
+      assert_output nil, /Please install `prism`/ do
+        assert_raises Gem::MissingSpecVersionError, Gem::MissingSpecError, Gem::LoadError do
+          setup_options_from_input('--prism')
+        end
+      end
+    end
+  end
+
   private
 
   def setup_options_from_input(*args)

test/tests/rails8.rb

@@ -7,7 +7,7 @@ class Rails8Tests < Minitest::Test
   def report
     @@report ||=
       Date.stub :today, Date.parse("2024-05-13") do
-        BrakemanTester.run_scan "rails8", "Rails 8", run_all_checks: true
+        BrakemanTester.run_scan "rails8", "Rails 8", run_all_checks: true, use_prism: true
       end
   end