Bearer integration (#269)

This is a POC for [bearer](https://docs.bearer.com/), which is a static scanner for security/privacy vulnerabilities. While [brakeman](https://brakemanscanner.org/) is Rails-specific, Bearer adds support for vulnerabilities on the language-level and supports the following languages: 1. JavaScript/TypeScript 2. Ruby 3. PHP 4. Java 5. Go 6. Python This PR aims to prove out bearer's effectiveness in the power-tools repo. Example failure: ![Screenshot 2024-11-06 at 9 56 43 AM](https://github.com/user-attachments/assets/6d99c673-26e9-4ce5-b03b-44ea3a5e3525)
powerhome · Nov 8, 2024 · 283fc9b · 283fc9b
1 parent 49be6ed
commit 283fc9b
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 24 deletions.
diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml
@@ -0,0 +1,28 @@
+name: Automated Code Reviews
+on: [pull_request]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  bearer:
+    name: Bearer Security Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: reviewdog/action-setup@v1
+        with:
+          reviewdog_version: latest
+      - name: Bearer
+        uses: bearer/bearer-action@v2
+        with:
+          diff: true
+          format: rdjson
+          output: rd.json
+      - name: Run reviewdog
+        if: always()
+        env:
+          REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          touch rd.json && cat rd.json | reviewdog -f=rdjson -reporter=github-pr-check
diff --git a/packages/consent/docs/CHANGELOG.md b/packages/consent/docs/CHANGELOG.md
@@ -1,5 +1,7 @@
 ## [Unreleased]
 
+- removed eval_view as a legacy, unsafe concern
+
 ## [2.0.1] - 2023-01-08
 
 - Bugfixes, minor version bumps

diff --git a/packages/consent/lib/consent/dsl.rb b/packages/consent/lib/consent/dsl.rb
@@ -14,14 +14,6 @@ def with_defaults(new_defaults, &block)
       DSL.build(@subject, @defaults.merge(new_defaults), &block)
     end
 
-    # rubocop:disable Lint/UnusedBlockArgument, Security/Eval
-    def eval_view(key, label, collection_conditions)
-      view key, label do |user|
-        eval(collection_conditions)
-      end
-    end
-    # rubocop:enable Lint/UnusedBlockArgument, Security/Eval
-
     def view(key, label, instance = nil, collection = nil, &block)
       collection ||= block
       @subject.views[key] = View.new(key, label, instance, collection)

diff --git a/packages/consent/spec/consent/dsl_spec.rb b/packages/consent/spec/consent/dsl_spec.rb
@@ -46,22 +46,6 @@
     end
   end
 
-  describe "#eval_view" do
-    it "accepts a conditions string for eval" do
-      dsl.eval_view :view_key, "View YEY", "{object: 1}"
-
-      expect(subject.views[:view_key].conditions(nil)).to eql(object: 1)
-    end
-
-    it "is a view that evaluate the condition as ruby with the user variable" do
-      user = double(id: 1)
-
-      dsl.eval_view :view_key, "View YEY", "{user: user.id}"
-
-      expect(subject.views[:view_key].conditions(user)).to eql(user: 1)
-    end
-  end
-
   describe "#action" do
     let(:view_all) { double }
     let(:view_no_access) { double }