-
Notifications
You must be signed in to change notification settings - Fork 897
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix brakeman fingerprint patch on clones #23191
Merged
jrafanie
merged 2 commits into
ManageIQ:master
from
Fryguy:fix_brakeman_fingerprint_patch_on_clones
Sep 18, 2024
Merged
Changes from all commits
Commits
Show all changes
2 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,168 @@ | ||
RSpec.describe BrakemanFingerprintPatch do | ||
subject do | ||
Class.new do | ||
include BrakemanFingerprintPatch | ||
attr_accessor :file | ||
def initialize = @warning_code = 0 | ||
def confidence = "High" | ||
def location = {} | ||
end.new | ||
end | ||
|
||
shared_examples_for "handles brakeman pathing" do | ||
before do | ||
allow(Rails).to receive(:root).and_return(Pathname.new(core_path)) | ||
allow(described_class).to receive(:rails_engine_paths).and_return([engine_path]) | ||
end | ||
|
||
it "with an issue in the engine" do | ||
subject.file = engine_issue | ||
|
||
expect(subject.file_string).to eq("(engine:manageiq-ui-classic) app/controllers/application_controller.rb") | ||
expect(subject.fingerprint).to eq("1ea1c06c8976493622ad8c668f56df3a44aac997fabd57ab58fcf59a37712e56") | ||
end | ||
|
||
it "with an issue in core" do | ||
subject.file = core_issue | ||
|
||
expect(subject.file_string).to eq("lib/ansible/runner.rb") | ||
expect(subject.fingerprint).to eq("f06e25d3b6fa417a80313b2ebd451fbbeac3670f03897e26e86983a5c29635c1") | ||
end | ||
end | ||
|
||
let(:core_path) { "/Users/user/dev/manageiq/" } | ||
let(:core_issue) do | ||
instance_double("Brakeman::FilePath", | ||
:relative => "lib/ansible/runner.rb", | ||
:absolute => "/Users/user/dev/manageiq/lib/ansible/runner.rb" | ||
) | ||
end | ||
|
||
context "running from the core repo" do | ||
context "with a git-based engine" do | ||
context "in the system gem location" do | ||
let(:engine_path) { "/Users/user/.gem/ruby/3.1.5/bundler/gems/manageiq-ui-classic-df1d9535ef51/" } | ||
let(:engine_issue) do | ||
instance_double("Brakeman::FilePath", | ||
:relative => "../../.gem/ruby/3.1.5/bundler/gems/manageiq-ui-classic-df1d9535ef51/app/controllers/application_controller.rb", | ||
:absolute => "/Users/user/.gem/ruby/3.1.5/bundler/gems/manageiq-ui-classic-df1d9535ef51/app/controllers/application_controller.rb" | ||
) | ||
end | ||
|
||
include_examples "handles brakeman pathing" | ||
end | ||
|
||
context "in a vendored gem location inside of the core repo" do # This is the core CI case | ||
let(:engine_path) { "/Users/user/dev/manageiq/vendor/bundle/ruby/3.1.5/bundler/gems/manageiq-ui-classic-df1d9535ef51/" } | ||
let(:engine_issue) do | ||
instance_double("Brakeman::FilePath", | ||
:relative => "vendor/bundle/ruby/3.1.5/bundler/gems/manageiq-ui-classic-df1d9535ef51/app/controllers/application_controller.rb", | ||
:absolute => "/Users/user/dev/manageiq/vendor/bundle/ruby/3.1.5/bundler/gems/manageiq-ui-classic-df1d9535ef51/app/controllers/application_controller.rb" | ||
) | ||
end | ||
|
||
include_examples "handles brakeman pathing" | ||
end | ||
end | ||
|
||
context "with a gem-based engine" do | ||
context "in the system gem location" do | ||
let(:engine_path) { "/Users/user/.gem/ruby/3.1.5/bundler/gems/manageiq-ui-classic-0.1.0/" } | ||
let(:engine_issue) do | ||
instance_double("Brakeman::FilePath", | ||
:relative => "../../.gem/ruby/3.1.5/bundler/gems/manageiq-ui-classic-0.1.0/app/controllers/application_controller.rb", | ||
:absolute => "/Users/user/.gem/ruby/3.1.5/bundler/gems/manageiq-ui-classic-0.1.0/app/controllers/application_controller.rb" | ||
) | ||
end | ||
|
||
include_examples "handles brakeman pathing" | ||
end | ||
|
||
context "in a vendored gem location inside of the core repo" do # This is a core CI case in a future where we might use a versioned gem | ||
let(:engine_path) { "/Users/user/dev/manageiq/vendor/bundle/ruby/3.1.5/bundler/gems/manageiq-ui-classic-0.1.0/" } | ||
let(:engine_issue) do | ||
instance_double("Brakeman::FilePath", | ||
:relative => "vendor/bundle/ruby/3.1.5/bundler/gems/manageiq-ui-classic-0.1.0/app/controllers/application_controller.rb", | ||
:absolute => "/Users/user/dev/manageiq/vendor/bundle/ruby/3.1.5/bundler/gems/manageiq-ui-classic-0.1.0/app/controllers/application_controller.rb" | ||
) | ||
end | ||
|
||
include_examples "handles brakeman pathing" | ||
end | ||
end | ||
|
||
context "with a path-based engine" do | ||
context "which is a sibling of the core repo" do | ||
let(:engine_path) { "/Users/user/dev/manageiq-ui-classic/" } | ||
let(:engine_issue) do | ||
instance_double("Brakeman::FilePath", | ||
:relative => "../manageiq-ui-classic/app/controllers/application_controller.rb", | ||
:absolute => "/Users/user/dev/manageiq-ui-classic/app/controllers/application_controller.rb" | ||
) | ||
end | ||
|
||
include_examples "handles brakeman pathing" | ||
end | ||
|
||
context "which is inside of the core repo" do | ||
let(:engine_path) { "/Users/user/dev/manageiq/plugins/manageiq-ui-classic/" } | ||
let(:engine_issue) do | ||
instance_double("Brakeman::FilePath", | ||
:relative => "plugins/manageiq-ui-classic/app/controllers/application_controller.rb", | ||
:absolute => "/Users/user/dev/manageiq/plugins/manageiq-ui-classic/app/controllers/application_controller.rb" | ||
) | ||
end | ||
|
||
include_examples "handles brakeman pathing" | ||
end | ||
end | ||
end | ||
|
||
context "running from an engine repo" do | ||
context "with a symlinked spec/manageiq dir" do # When symlinked, the paths appear the same as a path-based gem, so these are copies of the path-based tests above | ||
context "which is a sibling of the core repo" do | ||
let(:engine_path) { "/Users/user/dev/manageiq-ui-classic/" } | ||
let(:engine_issue) do | ||
instance_double("Brakeman::FilePath", | ||
:relative => "../manageiq-ui-classic/app/controllers/application_controller.rb", | ||
:absolute => "/Users/user/dev/manageiq-ui-classic/app/controllers/application_controller.rb" | ||
) | ||
end | ||
|
||
include_examples "handles brakeman pathing" | ||
end | ||
|
||
context "which is inside of the core repo" do | ||
let(:engine_path) { "/Users/user/dev/manageiq/plugins/manageiq-ui-classic/" } | ||
let(:engine_issue) do | ||
instance_double("Brakeman::FilePath", | ||
:relative => "plugins/manageiq-ui-classic/app/controllers/application_controller.rb", | ||
:absolute => "/Users/user/dev/manageiq/plugins/manageiq-ui-classic/app/controllers/application_controller.rb" | ||
) | ||
end | ||
|
||
include_examples "handles brakeman pathing" | ||
end | ||
end | ||
|
||
context "with a cloned spec/manageiq dir" do # This is also the CI case for a plugin | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @jrafanie When I ran these tests without the code fix, all of them passed except this one, and within this one the engine one passed but the core case did not. So, the code fix specifically fixes this case without breaking the other cases. |
||
let(:core_path) { "/Users/user/dev/manageiq-ui-classic/spec/manageiq/" } | ||
let(:core_issue) do | ||
instance_double("Brakeman::FilePath", | ||
:relative => "lib/ansible/runner.rb", | ||
:absolute => "/Users/user/dev/manageiq-ui-classic/spec/manageiq/lib/ansible/runner.rb" | ||
) | ||
end | ||
|
||
let(:engine_path) { "/Users/user/dev/manageiq-ui-classic/" } | ||
let(:engine_issue) do | ||
instance_double("Brakeman::FilePath", | ||
:relative => "../../app/controllers/application_controller.rb", | ||
:absolute => "/Users/user/dev/manageiq-ui-classic/app/controllers/application_controller.rb" | ||
) | ||
end | ||
|
||
include_examples "handles brakeman pathing" | ||
end | ||
end | ||
end |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So, when have a core cloned underneath the engine we have 2 cases
/Users/user/dev/manageiq-ui-classic/app/controllers/application_controller.rb
/Users/user/dev/manageiq-ui-classic/spec/manageiq/lib/ansible/runner.rb
In both of those cases, we get an
engine_path
, but in reality, only the issue in an engine file one is actually in the engine, whereas the core file just happens to be under the engine directory, but is actually an issue in core. So, we do additional checks toThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wow, that's too bad we need to check it like this in a patch of brakeman.
Just checking... Do we still think it's worth checking all of the engines here? I know it's been a bit frustrating that an engine issue was causing unrelated core test failures. Is it just more convenient to pull in all the engines and test each one?
Honestly, if we tested in UI classic only, the rest of the engines could probably be included in the core tests. UI classic is likely the noisest offender for brakeman issues outside of core. I'm just wondering if it's worth it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a really good idea. I think what I'd like to do is get this merged to get us green then I can investigate that
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, I researched this a little, and I thikn the way we have it is the best way. The brakeman app technically always runs from the main app, and what we do is just tell it more engines to check. From core, we just loop through all of the engines and add all of them. From an engine, we just add the engine itself only.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, I think the problem is where the problem is reported. If we add something in an engine that breaks core, it makes core red and we become hesitant to merge while it's being fixed whereas the engine is not aware of the problem. We can look at it as a followup, I just wanted to make sure the complexity still made sense.