
Match globally excluded paths more accurately #1880

Open · wants to merge 1 commit into main

Conversation

presidentbeef (Owner) commented:

Closes #1830


dryrunsecurity bot commented Nov 4, 2024

DryRun Security Summary

The changes in this pull request focus on improving the handling of excluded paths in the Brakeman security scanner for Ruby on Rails applications, aiming to enhance the accuracy and performance of the scanner by more effectively excluding certain directories and files from the analysis.


Summary:

The changes in this pull request are focused on improving the handling of excluded paths in the Brakeman security scanner for Ruby on Rails applications. Brakeman is a static code analysis tool used to identify potential security vulnerabilities, and these changes are aimed at enhancing the accuracy and performance of the scanner by more effectively excluding certain directories and files from the analysis.

The key changes include:

  1. Updating the EXCLUDED_PATHS constant to use a regular expression-based approach instead of a simple array of strings, allowing for more flexible and efficient matching of excluded paths.
  2. Modifying the reject_global_excludes method to use the new match_path helper method, which checks if a given path matches the EXCLUDED_PATHS regular expression.
  3. Introducing the match_path method to handle the matching of paths against the regular expression-based exclusions, converting the absolute path to a project-relative path and then checking if it matches the exclusion patterns.

These changes are likely to improve the overall performance and accuracy of the Brakeman scanner by focusing its analysis on the relevant parts of the application and avoiding unnecessary processing of directories and files that are not directly relevant to the security analysis, such as generators, tasks, templates, databases, and test-related files.

Files Changed:

  • lib/brakeman/app_tree.rb: This file contains the changes related to the handling of excluded paths in the Brakeman security scanner. The changes include updating the EXCLUDED_PATHS constant to use a regular expression-based approach, modifying the reject_global_excludes method to use the new match_path helper method, and introducing the match_path method to handle the matching of paths against the exclusion patterns.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

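To make the change the bot summary describes concrete, here is an added example in Ruby. It is not Brakeman's code: it contrasts substring matching against a list of strings (the behaviour the linked issue reports, where any path containing "log" was dropped from the scan) with a single regular expression that only matches whole directory segments of the project-relative path. The exclusion list, the helper names (`project_relative`, `match_path?`, `reject_global_excludes`, `reject_by_substring`), the project root and the sample file tree are all assumed for illustration; the real `EXCLUDED_PATHS` constant and helpers in lib/brakeman/app_tree.rb may differ.

```ruby
require 'pathname'

# Illustrative exclusion list, assumed for this example. Brakeman's real
# EXCLUDED_PATHS constant lives in lib/brakeman/app_tree.rb and may differ.
EXCLUDED_DIRS = %w[generators lib/tasks lib/templates db test spec log].freeze

# Turn an absolute path into a path relative to the project root.
# Returns nil when the file is not under the root at all, so that a path
# outside the project can never accidentally match an exclusion.
def project_relative(root, absolute_path)
  rel = Pathname.new(absolute_path).relative_path_from(Pathname.new(root)).to_s
  rel.start_with?('..') ? nil : rel
end

# Before: substring match. Any path containing "log" anywhere in it is
# excluded, so app/controllers/catalog_controller.rb is silently skipped.
def excluded_by_substring?(root, absolute_path)
  rel = project_relative(root, absolute_path)
  return false unless rel
  EXCLUDED_DIRS.any? { |dir| rel.include?(dir) }
end

# After: one regular expression built from the list. Each entry must form a
# whole directory segment (preceded by the start of the relative path or a
# slash, and followed by a slash), so "log/" matches but "catalog_" does not.
SEGMENT_ALTERNATION = EXCLUDED_DIRS.map { |d| Regexp.escape(d) }.join('|')
EXCLUDED_RE = Regexp.new("(?:\\A|/)(?:#{SEGMENT_ALTERNATION})/")

# Assumed shape of a match_path helper: relativise first, then match.
def match_path?(root, absolute_path)
  rel = project_relative(root, absolute_path)
  return false unless rel
  EXCLUDED_RE.match?(rel)
end

def reject_global_excludes(root, files)
  files.reject { |f| match_path?(root, f) }
end

def reject_by_substring(root, files)
  files.reject { |f| excluded_by_substring?(root, f) }
end

# Constructed sample tree (not taken from any real application).
ROOT = '/srv/app'.freeze
SAMPLE_FILES = [
  "#{ROOT}/app/controllers/catalog_controller.rb",
  "#{ROOT}/app/controllers/log_controller.rb",
  "#{ROOT}/app/models/user.rb",
  "#{ROOT}/log/development.log",
  "#{ROOT}/lib/generators/widget/widget_generator.rb",
  "#{ROOT}/lib/tasks/cleanup.rake",
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "substring matching keeps: #{reject_by_substring(ROOT, SAMPLE_FILES).inspect}"
  puts "segment matching keeps:   #{reject_global_excludes(ROOT, SAMPLE_FILES).inspect}"
end
```

Run as a script, the substring version keeps only app/models/user.rb, dropping both controllers because their file names contain "log"; the segment version keeps all three application files and excludes only the log directory, the generator and the rake task. The check for a path outside the root is the caveat worth keeping: relativising with `..` components would otherwise let an unrelated file match an exclusion pattern.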

Successfully merging this pull request may close these issues.

Controller with "log" in pathname excluded from scan
1 participant