diff --git a/.circleci/config.yml b/.circleci/config.yml deleted file mode 100644 index fdd4438..0000000 --- a/.circleci/config.yml +++ /dev/null @@ -1,163 +0,0 @@ -version: 2.1 -orbs: - ruby: circleci/ruby@0.1.2 - -jobs: - build-current: - docker: - - image: circleci/ruby:2.7.2-node-browsers - environment: - PGHOST: 127.0.0.1 - RAILS_ENV: test - PGUSER: root - - # Specify service dependencies here if necessary - # CircleCI maintains a library of pre-built images - # documented at https://circleci.com/docs/2.0/circleci-images/ - - image: circleci/postgres:9.6.2 - environment: - POSTGRES_DB: pop_test - POSTGRES_USER: root - - working_directory: ~/repo - - steps: - - checkout - - # Download and cache dependencies - - restore_cache: - keys: - - v1-dependencies-{{ checksum "Gemfile.lock" }} - # fallback to using the latest cache if no exact match is found - - v1-dependencies- - - - run: - name: Configure Bundler - command: | - echo 'export BUNDLER_VERSION=$(cat Gemfile.lock | tail -1 | tr -d " ")' >> $BASH_ENV - source $BASH_ENV - gem install bundler -v "$BUNDLER_VERSION" - bundle install --jobs=4 --retry=3 --path vendor/bundle - - - save_cache: - paths: - - ./vendor/bundle - key: v1-dependencies-{{ checksum "Gemfile.lock" }} - - - run: - name: Lint - command: bundle exec rubocop -c ./.rubocop_with_todo.yml - - - run: - name: Check code smells (Reek) - command: bundle exec reek - - # Database setup - - run: cp ./config/database.yml.sample ./config/database.yml - - run: bundle exec rake db:create - - run: bundle exec rake db:migrate - - # Webpack - - run: bundle exec rake assets:precompile - - # run tests! - - run: - name: run tests - command: | - mkdir /tmp/test-results - TEST_FILES="$(circleci tests glob "spec/**/*_spec.rb" | circleci tests split --split-by=timings)" - - bundle exec rspec --format progress \ - --out /tmp/test-results/rspec.xml \ - --format progress \ - $TEST_FILES - - # collect reports - - store_test_results: - path: /tmp/test-results - - store_artifacts: - path: /tmp/test-results - destination: test-results - build-next: - docker: - - image: circleci/ruby:2.7.2-node-browsers - environment: - PGHOST: 127.0.0.1 - RAILS_ENV: test - PGUSER: root - BUNDLE_GEMFILE: Gemfile.next - - # Specify service dependencies here if necessary - # CircleCI maintains a library of pre-built images - # documented at https://circleci.com/docs/2.0/circleci-images/ - - image: circleci/postgres:9.6.2 - environment: - POSTGRES_DB: pop_test - POSTGRES_USER: root - - working_directory: ~/repo - - steps: - - checkout - - # Download and cache dependencies - - restore_cache: - keys: - - v1-dependencies-{{ checksum "Gemfile.next.lock" }} - # fallback to using the latest cache if no exact match is found - - v1-dependencies- - - - run: - name: Configure Bundler - command: | - echo 'export BUNDLER_VERSION=$(cat Gemfile.next.lock | tail -1 | tr -d " ")' >> $BASH_ENV - source $BASH_ENV - gem install bundler -v "$BUNDLER_VERSION" - bundle install --jobs=4 --retry=3 --path vendor/bundle - - - save_cache: - paths: - - ./vendor/bundle - key: v1-dependencies-{{ checksum "Gemfile.next.lock" }} - - - run: - name: Lint - command: bundle exec rubocop -c ./.rubocop_with_todo.yml - - - run: - name: Check code smells (Reek) - command: bundle exec reek - - # Database setup - - run: cp ./config/database.yml.sample ./config/database.yml - - run: bundle exec rake db:create - - run: bundle exec rake db:migrate - - # Webpack - - run: bundle exec rake assets:precompile - - # run tests! - - run: - name: run tests - command: | - mkdir /tmp/test-results - TEST_FILES="$(circleci tests glob "spec/**/*_spec.rb" | circleci tests split --split-by=timings)" - - bundle exec rspec --format progress \ - --out /tmp/test-results/rspec.xml \ - --format progress \ - $TEST_FILES - - # collect reports - - store_test_results: - path: /tmp/test-results - - store_artifacts: - path: /tmp/test-results - destination: test-results - -workflows: - version: 2 - build: - jobs: - - "build-current" - - "build-next" diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..b7edad4 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,12 @@ +.git +.circleci +log/* +tmp/* +!log/.keep +!tmp/.keep +vendor/bundle +node_modules +.env +config/database.yml +.bundle +*.sqlite3 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..0f4c91c --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,73 @@ +name: CI + +on: + push: + branches: [main] + pull_request: + +jobs: + build: + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + gemfile: [Gemfile, Gemfile.next] + + services: + postgres: + image: postgres:9.6.2 + env: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + ports: + - 5432:5432 + options: >- + --health-cmd pg_isready + --health-interval 10s + --health-timeout 5s + --health-retries 5 + + env: + RAILS_ENV: test + DATABASE_HOST: 127.0.0.1 + DATABASE_USERNAME: postgres + DATABASE_PASSWORD: postgres + BUNDLE_GEMFILE: ${{ matrix.gemfile }} + + steps: + - uses: actions/checkout@v4 + + - name: System dependencies (libpq + wkhtmltopdf's 32-bit binary + imagemagick + JS runtime) + run: | + sudo dpkg --add-architecture i386 + sudo apt-get update -qq + sudo apt-get install -y --no-install-recommends \ + libpq-dev imagemagick fontconfig libxrender1 libxext6 \ + xfonts-75dpi xfonts-base libc6:i386 libstdc++6:i386 nodejs + + - uses: ruby/setup-ruby@v1 + with: + ruby-version: "3.2.11" + bundler-cache: true + + - name: Lint + run: bundle exec rubocop -c ./.rubocop_with_todo.yml . + + - name: Check code smells (Reek) + run: bundle exec reek . + + - name: Database setup + run: | + cp ./config/database.yml.sample ./config/database.yml + bundle exec rake db:create + bundle exec rake db:migrate + + - name: Precompile assets + run: bundle exec rake assets:precompile + + - name: Run tests + run: bin/rails test + + - name: Run system tests + run: bin/rails test:system diff --git a/.gitignore b/.gitignore index cf829a3..001c4bb 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ # Ignore bundler config. /.bundle +/vendor/bundle # Ignore app config .env @@ -24,7 +25,7 @@ config/database.yml /node_modules /yarn-error.log -spec/test_files +test/test_files .byebug_history .DS_Store diff --git a/.reek.yml b/.reek.yml index 3496ddd..6606a92 100644 --- a/.reek.yml +++ b/.reek.yml @@ -54,6 +54,8 @@ detectors: UtilityFunction: exclude: - GemfilesController#vulnerabilities_count + - GemfileTest#stub_scanner + - GemfileTest#valid_file # Directories and files below will not be scanned at all exclude_paths: - vendor diff --git a/.rspec b/.rspec deleted file mode 100644 index c99d2e7..0000000 --- a/.rspec +++ /dev/null @@ -1 +0,0 @@ ---require spec_helper diff --git a/.rubocop.yml b/.rubocop.yml index 9a1e784..6b5bccb 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -1,12 +1,7 @@ inherit_from: .rubocop_todo.yml -require: - - standard - - rubocop-rails - - rubocop-rspec - inherit_gem: - standard: config/base.yml + rubocop-rails-omakase: rubocop.yml AllCops: NewCops: enable @@ -15,16 +10,6 @@ AllCops: - public/**/* - vendor/**/* -Rails: - Enabled: true -RSpec: - Enabled: true -RSpec/DescribeClass: - Enabled: false -RSpec/ExampleLength: - Max: 20 -RSpec/FilePath: - Enabled: false Style/MixinUsage: Exclude: - bin/**/* diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 6345468..102b3a0 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -53,7 +53,6 @@ Layout/ExtraSpacing: - 'config/environments/production.rb' - 'config/environments/test.rb' - 'config/puma.rb' - - 'spec/models/gemfile_spec.rb' # Offense count: 1 # Cop supports --auto-correct. @@ -71,25 +70,12 @@ Layout/SpaceAroundOperators: Exclude: - 'app/models/gemfile.rb' -# Offense count: 2 -# Cop supports --auto-correct. -# Configuration parameters: EnforcedStyle, EnforcedStyleForEmptyBrackets. -# SupportedStyles: space, no_space, compact -# SupportedStylesForEmptyBrackets: space, no_space +# rubocop-rails-omakase defaults to spaces inside array/hash literal +# brackets; keep this codebase's existing no-space convention instead. Layout/SpaceInsideArrayLiteralBrackets: - Exclude: - - 'config/environments/production.rb' - -# Offense count: 12 -# Cop supports --auto-correct. -# Configuration parameters: EnforcedStyle, EnforcedStyleForEmptyBraces. -# SupportedStyles: space, no_space, compact -# SupportedStylesForEmptyBraces: space, no_space + EnforcedStyle: no_space Layout/SpaceInsideHashLiteralBraces: - Exclude: - - 'app/models/gemfile.rb' - - 'config/initializers/paperclip.rb' - - 'spec/controllers/gemfiles_controller_spec.rb' + EnforcedStyle: no_space # Offense count: 2 # Cop supports --auto-correct. @@ -97,14 +83,6 @@ Layout/SpaceInsideHashLiteralBraces: Layout/TrailingWhitespace: Exclude: - 'app/controllers/gemfiles_controller.rb' - - 'spec/spec_helper.rb' - -# Offense count: 1 -# Configuration parameters: AllowedMethods. -# AllowedMethods: enums -Lint/ConstantDefinitionInBlock: - Exclude: - - 'spec/models/gemfile_spec.rb' # Offense count: 1 # Cop supports --auto-correct. @@ -112,47 +90,6 @@ Lint/RedundantStringCoercion: Exclude: - 'app/models/gemfile.rb' -# Offense count: 1 -# Cop supports --auto-correct. -# Configuration parameters: SkipBlocks, EnforcedStyle. -# SupportedStyles: described_class, explicit -RSpec/DescribedClass: - Exclude: - - 'spec/models/gemfile_spec.rb' - -# Offense count: 1 -# Cop supports --auto-correct. -RSpec/EmptyLineAfterFinalLet: - Exclude: - - 'spec/controllers/gemfiles_controller_spec.rb' - -# Offense count: 2 -# Cop supports --auto-correct. -RSpec/LeadingSubject: - Exclude: - - 'spec/controllers/gemfiles_controller_spec.rb' - - 'spec/models/gemfile_spec.rb' - -# Offense count: 1 -RSpec/LeakyConstantDeclaration: - Exclude: - - 'spec/models/gemfile_spec.rb' - -# Offense count: 6 -RSpec/MultipleExpectations: - Max: 12 - -# Offense count: 12 -# Configuration parameters: IgnoreSharedExamples. -RSpec/NamedSubject: - Exclude: - - 'spec/controllers/gemfiles_controller_spec.rb' - - 'spec/models/gemfile_spec.rb' - -# Offense count: 1 -RSpec/NestedGroups: - Max: 4 - # Offense count: 8 # Configuration parameters: EnforcedStyle. # SupportedStyles: slashes, arguments @@ -161,9 +98,6 @@ Rails/FilePath: - 'app/models/gemfile.rb' - 'config/environments/development.rb' - 'config/environments/test.rb' - - 'spec/controllers/gemfiles_controller_spec.rb' - - 'spec/models/gemfile_spec.rb' - - 'spec/spec_helper.rb' # Offense count: 1 # Configuration parameters: Include. @@ -184,12 +118,6 @@ Security/Open: Exclude: - 'app/models/gemfile.rb' -# Offense count: 1 -# Cop supports --auto-correct. -Style/BlockComments: - Exclude: - - 'spec/spec_helper.rb' - # Offense count: 1 # Cop supports --auto-correct. Style/GlobalStdStream: @@ -211,7 +139,6 @@ Style/HashSyntax: Style/PercentLiteralDelimiters: Exclude: - 'config/initializers/assets.rb' - - 'config/spring.rb' # Offense count: 2 # Cop supports --auto-correct. diff --git a/.rubocop_with_todo.yml b/.rubocop_with_todo.yml index ba0861f..b44698a 100644 --- a/.rubocop_with_todo.yml +++ b/.rubocop_with_todo.yml @@ -1,12 +1,7 @@ inherit_from: .rubocop_todo.yml -require: - - standard - - rubocop-rails - - rubocop-rspec - inherit_gem: - standard: config/base.yml + rubocop-rails-omakase: rubocop.yml AllCops: NewCops: enable @@ -17,16 +12,6 @@ AllCops: - db/migrate/20210701181510_add_service_name_to_active_storage_blobs.active_storage.rb - db/migrate/20210701181511_create_active_storage_variant_records.active_storage.rb -Rails: - Enabled: true -RSpec: - Enabled: true -RSpec/DescribeClass: - Enabled: false -RSpec/ExampleLength: - Max: 20 -RSpec/FilePath: - Enabled: false Style/MixinUsage: Exclude: - bin/**/* diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..e6a5d76 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,42 @@ +FROM ruby:3.2.11 + +RUN dpkg --add-architecture i386 \ + && apt-get update -qq \ + && apt-get install -y --no-install-recommends \ + build-essential \ + libpq-dev \ + postgresql-client \ + imagemagick \ + fontconfig \ + libxrender1 \ + libxext6 \ + xfonts-75dpi \ + xfonts-base \ + nodejs \ + libc6:i386 \ + libstdc++6:i386 \ + chromium \ + chromium-driver \ + && rm -rf /var/lib/apt/lists/* + +RUN gem install bundler -v 2.2.21 + +WORKDIR /app + +COPY Gemfile Gemfile.lock ./ +RUN bundle _2.2.21_ install --jobs=4 --retry=3 + +# Dual-boot: Gemfile.next targets the Rails version we're upgrading to. +# Remove this block (and Gemfile.next / Gemfile.next.lock) once the upgrade lands. +COPY Gemfile.next Gemfile.next.lock ./ +RUN BUNDLE_GEMFILE=Gemfile.next bundle _2.2.21_ install --jobs=4 --retry=3 + +COPY . . + +COPY docker/entrypoint.sh /usr/local/bin/entrypoint.sh +RUN chmod +x /usr/local/bin/entrypoint.sh + +EXPOSE 3000 + +ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] +CMD ["bundle", "exec", "rails", "server", "-b", "0.0.0.0"] diff --git a/Gemfile b/Gemfile index d46e0c2..457137a 100644 --- a/Gemfile +++ b/Gemfile @@ -1,85 +1,77 @@ +source "https://rubygems.org" + def next? File.basename(__FILE__) == "Gemfile.next" end -source "https://rubygems.org" git_source(:github) do |repo_name| repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/") "https://github.com/#{repo_name}.git" end -ruby "2.7.2" +ruby "3.2.11" +# rubocop:disable Style/IdenticalConditionalBranches if next? - gem "rails", github: "rails/rails", branch: "main" + gem "rails", ">= 7.1.0", "< 7.2.0" else - gem "rails", "~> 6.1.0" + gem "rails", ">= 7.1.0", "< 7.2.0" end +# rubocop:enable Style/IdenticalConditionalBranches gem "bundler-audit" -# Use sqlite3 as the database for Active Record -# gem 'sqlite3' -# Use Puma as the app server +gem "next_rails" +gem "concurrent-ruby", "< 1.3.5" gem "puma", "~> 3.7" -gem "nokogiri", "~> 1.8.2" -# Use SCSS for stylesheets +# minitest 6.0 dropped minitest/mock.rb into a separate minitest-mock gem; +# pinned below 6 so a transitive bump (e.g. via `bundle update rails`) +# doesn't silently drag the test suite's own framework across a major +# version as collateral. +gem "minitest", "< 6" +gem "nokogiri", ">= 1.13.0" gem "sass-rails", "~> 5.0" -# Font awesome -gem "font-awesome-rails" -# Use Uglifier as compressor for JavaScript assets +gem "font-awesome-rails", ">= 4.7.0.9" gem "uglifier", ">= 1.3.0" -# See https://github.com/rails/execjs#readme for more supported runtimes -# gem 'therubyracer', platforms: :ruby -# Use CoffeeScript for .coffee assets and views gem "coffee-rails", "~> 5.0" -# Turbolinks makes navigating your web application faster. Read more: https://github.com/turbolinks/turbolinks gem "turbolinks", "~> 5" -# Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder gem "jbuilder", "~> 2.5" -# Use Redis adapter to run Action Cable in production -# gem 'redis', '~> 3.0' -# Use ActiveModel has_secure_password -# gem 'bcrypt', '~> 3.1.7' gem "redcarpet" -# Use Capistrano for deployment -# gem 'capistrano-rails', group: :development - gem "wicked_pdf", "1.4.0" gem "wkhtmltopdf-binary", "0.12.3.1" -# FastRuby Styleguide gem "fastruby-styleguide", git: "https://github.com/fastruby/styleguide.git", branch: "gh-pages" -gem "paperclip", "~> 5.2.1" -gem "aws-sdk", "~> 2.3.0" +# paperclip is unmaintained since 2018 and calls URI.escape (removed in Ruby +# 3.0); kt-paperclip is a maintained, actively-released fork that fixes this +# and stays drop-in compatible (same Paperclip:: module/require path). +gem "kt-paperclip", "~> 8.0.0", require: "paperclip" +# aws-sdk v2's aws-sdk-core relies on implicit block capture via +# `Proc.new` with no block, removed in Ruby 3.0. kt-paperclip's S3 +# storage adapter already targets aws-sdk-s3 (the modern per-service +# SDK, same Aws::S3:: namespace) directly -- no application code +# changes needed, just the gem swap. +gem "aws-sdk-s3" gem "pg", "~> 1.1" gem "clipboard-rails" group :development, :test do - # Call 'byebug' anywhere in the code to stop execution and get a debugger console - gem "byebug", platforms: [:mri, :mingw, :x64_mingw] - # Adds support for Capybara system testing and selenium driver - gem 'capybara', '~> 2.13' - gem 'rspec-rails' - gem "rubocop-rails", require: false # rails rules for standard - gem "rubocop-rspec", require: false # rspec rules for standard - gem 'selenium-webdriver' - gem "standard" - gem 'dotenv-rails' + gem "capybara", "~> 3.40" + gem "rubocop-rails-omakase", require: false + gem "selenium-webdriver" + gem "dotenv-rails" end group :development do - # Access an IRB console on exception pages or by using <%= console %> anywhere in the code. gem "web-console", ">= 3.3.0" - gem "listen", ">= 3.0.5", "< 3.2" - gem "reek" # code smells linter - # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring + gem "listen", ">= 3.5" + gem "reek" + # spring 4.x / spring-watcher-listen 2.1.x need Ruby >= 3.1, which we now + # satisfy -- previously dropped during the Rails 6.1 -> 7.0 hop. gem "spring" - gem "spring-watcher-listen", "~> 2.0.0" + gem "spring-watcher-listen", "~> 2.1.0" end -# Windows does not include zoneinfo files, so bundle the tzinfo-data gem gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw, :jruby] diff --git a/Gemfile.lock b/Gemfile.lock index 4476373..d14f3d5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/fastruby/styleguide.git - revision: 3b600d291f1c712c747dbc99a5fb952957fef2b1 + revision: 72e40c19980e37acaccb741dc1a8a47e3242cba3 branch: gh-pages specs: fastruby-styleguide (0.1.0) @@ -14,97 +14,132 @@ GIT GEM remote: https://rubygems.org/ specs: - actioncable (6.1.4) - actionpack (= 6.1.4) - activesupport (= 6.1.4) + actioncable (7.1.6) + actionpack (= 7.1.6) + activesupport (= 7.1.6) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.4) - actionpack (= 6.1.4) - activejob (= 6.1.4) - activerecord (= 6.1.4) - activestorage (= 6.1.4) - activesupport (= 6.1.4) + zeitwerk (~> 2.6) + actionmailbox (7.1.6) + actionpack (= 7.1.6) + activejob (= 7.1.6) + activerecord (= 7.1.6) + activestorage (= 7.1.6) + activesupport (= 7.1.6) mail (>= 2.7.1) - actionmailer (6.1.4) - actionpack (= 6.1.4) - actionview (= 6.1.4) - activejob (= 6.1.4) - activesupport (= 6.1.4) + net-imap + net-pop + net-smtp + actionmailer (7.1.6) + actionpack (= 7.1.6) + actionview (= 7.1.6) + activejob (= 7.1.6) + activesupport (= 7.1.6) mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (6.1.4) - actionview (= 6.1.4) - activesupport (= 6.1.4) - rack (~> 2.0, >= 2.0.9) + net-imap + net-pop + net-smtp + rails-dom-testing (~> 2.2) + actionpack (7.1.6) + actionview (= 7.1.6) + activesupport (= 7.1.6) + cgi + nokogiri (>= 1.8.5) + racc + rack (>= 2.2.4) + rack-session (>= 1.0.1) rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.4) - actionpack (= 6.1.4) - activerecord (= 6.1.4) - activestorage (= 6.1.4) - activesupport (= 6.1.4) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + actiontext (7.1.6) + actionpack (= 7.1.6) + activerecord (= 7.1.6) + activestorage (= 7.1.6) + activesupport (= 7.1.6) + globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (6.1.4) - activesupport (= 6.1.4) + actionview (7.1.6) + activesupport (= 7.1.6) builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.4) - activesupport (= 6.1.4) + cgi + erubi (~> 1.11) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + activejob (7.1.6) + activesupport (= 7.1.6) globalid (>= 0.3.6) - activemodel (6.1.4) - activesupport (= 6.1.4) - activerecord (6.1.4) - activemodel (= 6.1.4) - activesupport (= 6.1.4) - activestorage (6.1.4) - actionpack (= 6.1.4) - activejob (= 6.1.4) - activerecord (= 6.1.4) - activesupport (= 6.1.4) - marcel (~> 1.0.0) - mini_mime (>= 1.1.0) - activesupport (6.1.4) + activemodel (7.1.6) + activesupport (= 7.1.6) + activerecord (7.1.6) + activemodel (= 7.1.6) + activesupport (= 7.1.6) + timeout (>= 0.4.0) + activestorage (7.1.6) + actionpack (= 7.1.6) + activejob (= 7.1.6) + activerecord (= 7.1.6) + activesupport (= 7.1.6) + marcel (~> 1.0) + activesupport (7.1.6) + base64 + benchmark (>= 0.3) + bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb i18n (>= 1.6, < 2) + logger (>= 1.4.2) minitest (>= 5.1) + mutex_m + securerandom (>= 0.3) tzinfo (~> 2.0) - zeitwerk (~> 2.3) - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) - ast (2.4.2) - autoprefixer-rails (10.2.5.1) - execjs (> 0) - aws-sdk (2.3.23) - aws-sdk-resources (= 2.3.23) - aws-sdk-core (2.3.23) - jmespath (~> 1.0) - aws-sdk-resources (2.3.23) - aws-sdk-core (= 2.3.23) + addressable (2.9.0) + public_suffix (>= 2.0.2, < 8.0) + ast (2.4.3) + autoprefixer-rails (10.4.21.0) + execjs (~> 2) + aws-eventstream (1.4.0) + aws-partitions (1.1266.0) + aws-sdk-core (3.252.0) + aws-eventstream (~> 1, >= 1.3.0) + aws-partitions (~> 1, >= 1.992.0) + aws-sigv4 (~> 1.9) + base64 + bigdecimal + jmespath (~> 1, >= 1.6.1) + logger + aws-sdk-kms (1.129.0) + aws-sdk-core (~> 3, >= 3.248.0) + aws-sigv4 (~> 1.5) + aws-sdk-s3 (1.226.0) + aws-sdk-core (~> 3, >= 3.248.0) + aws-sdk-kms (~> 1) + aws-sigv4 (~> 1.5) + aws-sigv4 (1.12.1) + aws-eventstream (~> 1, >= 1.0.2) + base64 (0.3.0) + benchmark (0.5.0) + bigdecimal (4.1.2) bindex (0.8.1) bootstrap-sass (3.4.1) autoprefixer-rails (>= 5.2.1) sassc (>= 2.0.0) - builder (3.2.4) - bundler-audit (0.8.0) - bundler (>= 1.2.0, < 3) + builder (3.3.0) + bundler-audit (0.9.3) + bundler (>= 1.2.0) thor (~> 1.0) - byebug (11.1.3) - capybara (2.18.0) + capybara (3.40.0) addressable + matrix mini_mime (>= 0.1.3) - nokogiri (>= 1.3.3) - rack (>= 1.0.0) - rack-test (>= 0.5.4) - xpath (>= 2.0, < 4.0) - childprocess (3.0.0) - climate_control (0.2.0) + nokogiri (~> 1.11) + rack (>= 1.6.0) + rack-test (>= 0.6.3) + regexp_parser (>= 1.5, < 3.0) + xpath (~> 3.2) + cgi (0.5.2) + climate_control (1.2.0) clipboard-rails (1.7.1) - cocaine (0.5.8) - climate_control (>= 0.0.3, < 1.0) coffee-rails (5.0.0) coffee-script (>= 2.2.0) railties (>= 5.2.0) @@ -112,153 +147,225 @@ GEM coffee-script-source execjs coffee-script-source (1.12.2) - concurrent-ruby (1.1.9) - crass (1.0.6) - diff-lcs (1.4.4) - dotenv (2.7.6) - dotenv-rails (2.7.6) - dotenv (= 2.7.6) + concurrent-ruby (1.3.4) + connection_pool (3.0.2) + crass (1.0.7) + date (3.5.1) + dotenv (2.8.1) + dotenv-rails (2.8.1) + dotenv (= 2.8.1) railties (>= 3.2) - erubi (1.10.0) - execjs (2.8.1) - ffi (1.15.3) - font-awesome-rails (4.7.0.7) - railties (>= 3.2, < 7) - globalid (0.4.2) - activesupport (>= 4.2.0) - i18n (1.8.10) + drb (2.2.3) + dry-configurable (1.3.0) + dry-core (~> 1.1) + zeitwerk (~> 2.6) + dry-core (1.2.0) + concurrent-ruby (~> 1.0) + logger + zeitwerk (~> 2.6) + dry-inflector (1.3.1) + dry-initializer (3.2.0) + dry-logic (1.6.0) + bigdecimal + concurrent-ruby (~> 1.0) + dry-core (~> 1.1) + zeitwerk (~> 2.6) + dry-schema (1.16.0) concurrent-ruby (~> 1.0) - jbuilder (2.11.2) + dry-configurable (~> 1.0, >= 1.0.1) + dry-core (~> 1.1) + dry-initializer (~> 3.2) + dry-logic (~> 1.6) + dry-types (~> 1.9, >= 1.9.1) + zeitwerk (~> 2.6) + dry-types (1.9.1) + bigdecimal (>= 3.0) + concurrent-ruby (~> 1.0) + dry-core (~> 1.0) + dry-inflector (~> 1.0) + dry-logic (~> 1.4) + zeitwerk (~> 2.6) + erb (6.0.4) + erubi (1.13.1) + execjs (2.10.1) + ffi (1.17.4) + font-awesome-rails (4.7.0.9) + railties (>= 3.2, < 9.0) + globalid (1.4.0) + activesupport (>= 6.1) + i18n (1.15.2) + concurrent-ruby (~> 1.0) + io-console (0.8.2) + irb (1.18.0) + pp (>= 0.6.0) + prism (>= 1.3.0) + rdoc (>= 4.0.0) + reline (>= 0.4.2) + jbuilder (2.13.0) + actionview (>= 5.0.0) activesupport (>= 5.0.0) - jmespath (1.4.0) - jquery-rails (4.4.0) + jmespath (1.6.2) + jquery-rails (4.6.1) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - kwalify (0.7.2) - listen (3.1.5) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) - ruby_dep (~> 1.2) - loofah (2.10.0) + json (2.20.0) + kt-paperclip (8.0.0) + activemodel (>= 4.2.0) + activesupport (>= 4.2.0) + marcel (>= 1.0.1) + mime-types + terrapin (>= 0.6.0) + language_server-protocol (3.17.0.6) + listen (3.10.0) + logger + rb-fsevent (~> 0.10, >= 0.10.3) + rb-inotify (~> 0.9, >= 0.9.10) + logger (1.7.0) + loofah (2.25.1) crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mail (2.7.1) + nokogiri (>= 1.12.0) + mail (2.9.1) + logger mini_mime (>= 0.1.1) - marcel (1.0.1) + net-imap + net-pop + net-smtp + marcel (1.2.1) material_design_lite-sass (1.3.0.1) autoprefixer-rails (>= 6.5) sass (>= 3.3) - method_source (1.0.0) - mime-types (3.3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2021.0225) - mimemagic (0.3.10) - nokogiri (~> 1) - rake - mini_mime (1.1.0) - mini_portile2 (2.3.0) - minitest (5.14.4) - nio4r (2.5.7) - nokogiri (1.8.5) - mini_portile2 (~> 2.3.0) - paperclip (5.2.1) - activemodel (>= 4.2.0) - activesupport (>= 4.2.0) - cocaine (~> 0.5.5) - mime-types - mimemagic (~> 0.3.0) - parallel (1.20.1) - parser (3.0.2.0) + matrix (0.4.3) + mime-types (3.7.0) + logger + mime-types-data (~> 3.2025, >= 3.2025.0507) + mime-types-data (3.2026.0701) + mini_mime (1.1.5) + mini_portile2 (2.8.9) + minitest (5.27.0) + mutex_m (0.3.0) + net-imap (0.6.4.1) + date + net-protocol + net-pop (0.1.2) + net-protocol + net-protocol (0.2.2) + timeout + net-smtp (0.5.1) + net-protocol + next_rails (1.6.0) + nio4r (2.7.5) + nokogiri (1.19.4) + mini_portile2 (~> 2.8.2) + racc (~> 1.4) + parallel (1.28.0) + parser (3.3.11.1) ast (~> 2.4.1) - pg (1.2.3) - popper_js (2.9.2) - psych (3.3.2) - public_suffix (4.0.6) + racc + pg (1.6.3) + popper_js (2.11.8) + pp (0.6.4) + prettyprint + prettyprint (0.2.0) + prism (1.9.0) + public_suffix (7.0.5) puma (3.12.6) - rack (2.2.3) - rack-test (1.1.0) - rack (>= 1.0, < 3) - rails (6.1.4) - actioncable (= 6.1.4) - actionmailbox (= 6.1.4) - actionmailer (= 6.1.4) - actionpack (= 6.1.4) - actiontext (= 6.1.4) - actionview (= 6.1.4) - activejob (= 6.1.4) - activemodel (= 6.1.4) - activerecord (= 6.1.4) - activestorage (= 6.1.4) - activesupport (= 6.1.4) + racc (1.8.1) + rack (2.2.23) + rack-session (1.0.2) + rack (< 3) + rack-test (2.2.0) + rack (>= 1.3) + rackup (1.0.1) + rack (< 3) + webrick + rails (7.1.6) + actioncable (= 7.1.6) + actionmailbox (= 7.1.6) + actionmailer (= 7.1.6) + actionpack (= 7.1.6) + actiontext (= 7.1.6) + actionview (= 7.1.6) + activejob (= 7.1.6) + activemodel (= 7.1.6) + activerecord (= 7.1.6) + activestorage (= 7.1.6) + activesupport (= 7.1.6) bundler (>= 1.15.0) - railties (= 6.1.4) - sprockets-rails (>= 2.0.0) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) + railties (= 7.1.6) + rails-dom-testing (2.3.0) + activesupport (>= 5.0.0) + minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) - loofah (~> 2.3) - railties (6.1.4) - actionpack (= 6.1.4) - activesupport (= 6.1.4) - method_source - rake (>= 0.13) - thor (~> 1.0) - rainbow (3.0.0) - rake (13.0.3) - rb-fsevent (0.11.0) - rb-inotify (0.10.1) + rails-html-sanitizer (1.7.0) + loofah (~> 2.25) + nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) + railties (7.1.6) + actionpack (= 7.1.6) + activesupport (= 7.1.6) + cgi + irb + rackup (>= 1.0.0) + rake (>= 12.2) + thor (~> 1.0, >= 1.2.2) + tsort (>= 0.2) + zeitwerk (~> 2.6) + rainbow (3.1.1) + rake (13.4.2) + rb-fsevent (0.11.2) + rb-inotify (0.11.1) ffi (~> 1.0) - redcarpet (3.5.1) - reek (6.0.4) - kwalify (~> 0.7.0) - parser (~> 3.0.0) - psych (~> 3.1) + rbs (4.0.3) + logger + prism (>= 1.6.0) + tsort + rdoc (8.0.0) + erb + prism (>= 1.6.0) + rbs (>= 4.0.0) + tsort + redcarpet (3.6.1) + reek (6.5.0) + dry-schema (~> 1.13) + logger (~> 1.6) + parser (~> 3.3.0) rainbow (>= 2.0, < 4.0) - regexp_parser (2.1.1) - rexml (3.2.5) - rspec-core (3.10.1) - rspec-support (~> 3.10.0) - rspec-expectations (3.10.1) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-mocks (3.10.2) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-rails (5.0.1) - actionpack (>= 5.2) - activesupport (>= 5.2) - railties (>= 5.2) - rspec-core (~> 3.10) - rspec-expectations (~> 3.10) - rspec-mocks (~> 3.10) - rspec-support (~> 3.10) - rspec-support (3.10.2) - rubocop (1.18.3) + rexml (~> 3.1) + regexp_parser (2.12.0) + reline (0.6.3) + io-console (~> 0.5) + rexml (3.4.4) + rubocop (1.59.0) + json (~> 2.3) + language_server-protocol (>= 3.17.0) parallel (~> 1.10) - parser (>= 3.0.0.0) + parser (>= 3.2.2.4) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) - rexml - rubocop-ast (>= 1.7.0, < 2.0) + rexml (>= 3.2.5, < 4.0) + rubocop-ast (>= 1.30.0, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.7.0) - parser (>= 3.0.1.1) - rubocop-performance (1.11.4) - rubocop (>= 1.7.0, < 2.0) - rubocop-ast (>= 0.4.0) - rubocop-rails (2.11.3) + unicode-display_width (>= 2.4.0, < 3.0) + rubocop-ast (1.30.0) + parser (>= 3.2.1.0) + rubocop-minitest (0.34.5) + rubocop (>= 1.39, < 2.0) + rubocop-ast (>= 1.30.0, < 2.0) + rubocop-performance (1.20.2) + rubocop (>= 1.48.1, < 2.0) + rubocop-ast (>= 1.30.0, < 2.0) + rubocop-rails (2.23.1) activesupport (>= 4.2.0) rack (>= 1.1) - rubocop (>= 1.7.0, < 2.0) - rubocop-rspec (2.4.0) - rubocop (~> 1.0) - rubocop-ast (>= 1.1.0) - ruby-progressbar (1.11.0) - ruby_dep (1.5.0) - rubyzip (2.3.1) + rubocop (>= 1.33.0, < 2.0) + rubocop-ast (>= 1.30.0, < 2.0) + rubocop-rails-omakase (1.0.0) + rubocop + rubocop-minitest + rubocop-performance + rubocop-rails + ruby-progressbar (1.13.0) + rubyzip (2.4.1) sass (3.7.4) sass-listen (~> 4.0.0) sass-listen (4.0.0) @@ -272,39 +379,46 @@ GEM tilt (>= 1.1, < 3) sassc (2.4.0) ffi (~> 1.9) - selenium-webdriver (3.142.7) - childprocess (>= 0.5, < 4.0) - rubyzip (>= 1.2.2) - spring (2.1.1) - spring-watcher-listen (2.0.1) + securerandom (0.4.1) + selenium-webdriver (4.9.0) + rexml (~> 3.2, >= 3.2.5) + rubyzip (>= 1.2.2, < 3.0) + websocket (~> 1.0) + spring (4.7.0) + spring-watcher-listen (2.1.0) listen (>= 2.7, < 4.0) - spring (>= 1.2, < 3.0) - sprockets (3.7.2) + spring (>= 4) + sprockets (3.7.5) + base64 concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.2) - actionpack (>= 4.0) - activesupport (>= 4.0) + sprockets-rails (3.5.2) + actionpack (>= 6.1) + activesupport (>= 6.1) sprockets (>= 3.0.0) - standard (1.1.5) - rubocop (= 1.18.3) - rubocop-performance (= 1.11.4) - thor (1.1.0) - tilt (2.0.10) + terrapin (1.1.1) + climate_control + thor (1.5.0) + tilt (2.8.0) + timeout (0.6.1) + tsort (0.2.0) turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) - tzinfo (2.0.4) + tzinfo (2.0.6) concurrent-ruby (~> 1.0) - uglifier (4.2.0) + uglifier (4.2.1) execjs (>= 0.3.0, < 3) - unicode-display_width (2.0.0) - web-console (4.1.0) + unicode-display_width (2.6.0) + web-console (4.2.1) actionview (>= 6.0.0) activemodel (>= 6.0.0) bindex (>= 0.4.0) railties (>= 6.0.0) - websocket-driver (0.7.5) + webrick (1.9.2) + websocket (1.2.11) + websocket-driver (0.8.2) + base64 websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) wicked_pdf (1.4.0) @@ -312,38 +426,37 @@ GEM wkhtmltopdf-binary (0.12.3.1) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.4.2) + zeitwerk (2.8.2) PLATFORMS ruby DEPENDENCIES - aws-sdk (~> 2.3.0) + aws-sdk-s3 bundler-audit - byebug - capybara (~> 2.13) + capybara (~> 3.40) clipboard-rails coffee-rails (~> 5.0) + concurrent-ruby (< 1.3.5) dotenv-rails fastruby-styleguide! - font-awesome-rails + font-awesome-rails (>= 4.7.0.9) jbuilder (~> 2.5) - listen (>= 3.0.5, < 3.2) - nokogiri (~> 1.8.2) - paperclip (~> 5.2.1) + kt-paperclip (~> 8.0.0) + listen (>= 3.5) + minitest (< 6) + next_rails + nokogiri (>= 1.13.0) pg (~> 1.1) puma (~> 3.7) - rails (~> 6.1.0) + rails (>= 7.1.0, < 7.2.0) redcarpet reek - rspec-rails - rubocop-rails - rubocop-rspec + rubocop-rails-omakase sass-rails (~> 5.0) selenium-webdriver spring - spring-watcher-listen (~> 2.0.0) - standard + spring-watcher-listen (~> 2.1.0) turbolinks (~> 5) tzinfo-data uglifier (>= 1.3.0) @@ -352,7 +465,7 @@ DEPENDENCIES wkhtmltopdf-binary (= 0.12.3.1) RUBY VERSION - ruby 2.7.2p137 + ruby 3.2.11p268 BUNDLED WITH 2.2.21 diff --git a/Gemfile.next.lock b/Gemfile.next.lock index af9f9d2..d14f3d5 100644 --- a/Gemfile.next.lock +++ b/Gemfile.next.lock @@ -1,6 +1,6 @@ GIT remote: https://github.com/fastruby/styleguide.git - revision: 3b600d291f1c712c747dbc99a5fb952957fef2b1 + revision: 72e40c19980e37acaccb741dc1a8a47e3242cba3 branch: gh-pages specs: fastruby-styleguide (0.1.0) @@ -11,127 +11,135 @@ GIT rails (>= 5.2.1) sass-rails (>= 5.0) -GIT - remote: https://github.com/rails/rails.git - revision: 7179dcb269b6cd9fa7504c9bfbe9585021ba8784 - branch: main +GEM + remote: https://rubygems.org/ specs: - actioncable (7.0.0.alpha) - actionpack (= 7.0.0.alpha) - activesupport (= 7.0.0.alpha) + actioncable (7.1.6) + actionpack (= 7.1.6) + activesupport (= 7.1.6) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.0.alpha) - actionpack (= 7.0.0.alpha) - activejob (= 7.0.0.alpha) - activerecord (= 7.0.0.alpha) - activestorage (= 7.0.0.alpha) - activesupport (= 7.0.0.alpha) + zeitwerk (~> 2.6) + actionmailbox (7.1.6) + actionpack (= 7.1.6) + activejob (= 7.1.6) + activerecord (= 7.1.6) + activestorage (= 7.1.6) + activesupport (= 7.1.6) mail (>= 2.7.1) - actionmailer (7.0.0.alpha) - actionpack (= 7.0.0.alpha) - actionview (= 7.0.0.alpha) - activejob (= 7.0.0.alpha) - activesupport (= 7.0.0.alpha) + net-imap + net-pop + net-smtp + actionmailer (7.1.6) + actionpack (= 7.1.6) + actionview (= 7.1.6) + activejob (= 7.1.6) + activesupport (= 7.1.6) mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (7.0.0.alpha) - actionview (= 7.0.0.alpha) - activesupport (= 7.0.0.alpha) - rack (~> 2.0, >= 2.2.0) + net-imap + net-pop + net-smtp + rails-dom-testing (~> 2.2) + actionpack (7.1.6) + actionview (= 7.1.6) + activesupport (= 7.1.6) + cgi + nokogiri (>= 1.8.5) + racc + rack (>= 2.2.4) + rack-session (>= 1.0.1) rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.0.alpha) - actionpack (= 7.0.0.alpha) - activerecord (= 7.0.0.alpha) - activestorage (= 7.0.0.alpha) - activesupport (= 7.0.0.alpha) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + actiontext (7.1.6) + actionpack (= 7.1.6) + activerecord (= 7.1.6) + activestorage (= 7.1.6) + activesupport (= 7.1.6) + globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.0.alpha) - activesupport (= 7.0.0.alpha) + actionview (7.1.6) + activesupport (= 7.1.6) builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.0.alpha) - activesupport (= 7.0.0.alpha) + cgi + erubi (~> 1.11) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + activejob (7.1.6) + activesupport (= 7.1.6) globalid (>= 0.3.6) - activemodel (7.0.0.alpha) - activesupport (= 7.0.0.alpha) - activerecord (7.0.0.alpha) - activemodel (= 7.0.0.alpha) - activesupport (= 7.0.0.alpha) - activestorage (7.0.0.alpha) - actionpack (= 7.0.0.alpha) - activejob (= 7.0.0.alpha) - activerecord (= 7.0.0.alpha) - activesupport (= 7.0.0.alpha) - marcel (~> 1.0.0) - mini_mime (>= 1.1.0) - activesupport (7.0.0.alpha) + activemodel (7.1.6) + activesupport (= 7.1.6) + activerecord (7.1.6) + activemodel (= 7.1.6) + activesupport (= 7.1.6) + timeout (>= 0.4.0) + activestorage (7.1.6) + actionpack (= 7.1.6) + activejob (= 7.1.6) + activerecord (= 7.1.6) + activesupport (= 7.1.6) + marcel (~> 1.0) + activesupport (7.1.6) + base64 + benchmark (>= 0.3) + bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb i18n (>= 1.6, < 2) + logger (>= 1.4.2) minitest (>= 5.1) + mutex_m + securerandom (>= 0.3) tzinfo (~> 2.0) - zeitwerk (~> 2.3) - rails (7.0.0.alpha) - actioncable (= 7.0.0.alpha) - actionmailbox (= 7.0.0.alpha) - actionmailer (= 7.0.0.alpha) - actionpack (= 7.0.0.alpha) - actiontext (= 7.0.0.alpha) - actionview (= 7.0.0.alpha) - activejob (= 7.0.0.alpha) - activemodel (= 7.0.0.alpha) - activerecord (= 7.0.0.alpha) - activestorage (= 7.0.0.alpha) - activesupport (= 7.0.0.alpha) - bundler (>= 1.15.0) - railties (= 7.0.0.alpha) - sprockets-rails (>= 2.0.0) - railties (7.0.0.alpha) - actionpack (= 7.0.0.alpha) - activesupport (= 7.0.0.alpha) - method_source - rake (>= 0.13) - thor (~> 1.0) - -GEM - remote: https://rubygems.org/ - specs: - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) - ast (2.4.2) - autoprefixer-rails (10.2.5.1) - execjs (> 0) - aws-sdk (2.3.23) - aws-sdk-resources (= 2.3.23) - aws-sdk-core (2.3.23) - jmespath (~> 1.0) - aws-sdk-resources (2.3.23) - aws-sdk-core (= 2.3.23) + addressable (2.9.0) + public_suffix (>= 2.0.2, < 8.0) + ast (2.4.3) + autoprefixer-rails (10.4.21.0) + execjs (~> 2) + aws-eventstream (1.4.0) + aws-partitions (1.1266.0) + aws-sdk-core (3.252.0) + aws-eventstream (~> 1, >= 1.3.0) + aws-partitions (~> 1, >= 1.992.0) + aws-sigv4 (~> 1.9) + base64 + bigdecimal + jmespath (~> 1, >= 1.6.1) + logger + aws-sdk-kms (1.129.0) + aws-sdk-core (~> 3, >= 3.248.0) + aws-sigv4 (~> 1.5) + aws-sdk-s3 (1.226.0) + aws-sdk-core (~> 3, >= 3.248.0) + aws-sdk-kms (~> 1) + aws-sigv4 (~> 1.5) + aws-sigv4 (1.12.1) + aws-eventstream (~> 1, >= 1.0.2) + base64 (0.3.0) + benchmark (0.5.0) + bigdecimal (4.1.2) bindex (0.8.1) bootstrap-sass (3.4.1) autoprefixer-rails (>= 5.2.1) sassc (>= 2.0.0) - builder (3.2.4) - bundler-audit (0.8.0) - bundler (>= 1.2.0, < 3) + builder (3.3.0) + bundler-audit (0.9.3) + bundler (>= 1.2.0) thor (~> 1.0) - byebug (11.1.3) - capybara (2.18.0) + capybara (3.40.0) addressable + matrix mini_mime (>= 0.1.3) - nokogiri (>= 1.3.3) - rack (>= 1.0.0) - rack-test (>= 0.5.4) - xpath (>= 2.0, < 4.0) - childprocess (3.0.0) - climate_control (0.2.0) + nokogiri (~> 1.11) + rack (>= 1.6.0) + rack-test (>= 0.6.3) + regexp_parser (>= 1.5, < 3.0) + xpath (~> 3.2) + cgi (0.5.2) + climate_control (1.2.0) clipboard-rails (1.7.1) - cocaine (0.5.8) - climate_control (>= 0.0.3, < 1.0) coffee-rails (5.0.0) coffee-script (>= 2.2.0) railties (>= 5.2.0) @@ -139,132 +147,225 @@ GEM coffee-script-source execjs coffee-script-source (1.12.2) - concurrent-ruby (1.1.9) - crass (1.0.6) - diff-lcs (1.4.4) - dotenv (2.7.6) - dotenv-rails (2.7.6) - dotenv (= 2.7.6) + concurrent-ruby (1.3.4) + connection_pool (3.0.2) + crass (1.0.7) + date (3.5.1) + dotenv (2.8.1) + dotenv-rails (2.8.1) + dotenv (= 2.8.1) railties (>= 3.2) - erubi (1.10.0) - execjs (2.8.1) - ffi (1.15.3) - font-awesome-rails (4.7.0.7) - railties (>= 3.2, < 7) - globalid (0.4.2) - activesupport (>= 4.2.0) - i18n (1.8.10) + drb (2.2.3) + dry-configurable (1.3.0) + dry-core (~> 1.1) + zeitwerk (~> 2.6) + dry-core (1.2.0) + concurrent-ruby (~> 1.0) + logger + zeitwerk (~> 2.6) + dry-inflector (1.3.1) + dry-initializer (3.2.0) + dry-logic (1.6.0) + bigdecimal + concurrent-ruby (~> 1.0) + dry-core (~> 1.1) + zeitwerk (~> 2.6) + dry-schema (1.16.0) concurrent-ruby (~> 1.0) - jbuilder (2.11.2) + dry-configurable (~> 1.0, >= 1.0.1) + dry-core (~> 1.1) + dry-initializer (~> 3.2) + dry-logic (~> 1.6) + dry-types (~> 1.9, >= 1.9.1) + zeitwerk (~> 2.6) + dry-types (1.9.1) + bigdecimal (>= 3.0) + concurrent-ruby (~> 1.0) + dry-core (~> 1.0) + dry-inflector (~> 1.0) + dry-logic (~> 1.4) + zeitwerk (~> 2.6) + erb (6.0.4) + erubi (1.13.1) + execjs (2.10.1) + ffi (1.17.4) + font-awesome-rails (4.7.0.9) + railties (>= 3.2, < 9.0) + globalid (1.4.0) + activesupport (>= 6.1) + i18n (1.15.2) + concurrent-ruby (~> 1.0) + io-console (0.8.2) + irb (1.18.0) + pp (>= 0.6.0) + prism (>= 1.3.0) + rdoc (>= 4.0.0) + reline (>= 0.4.2) + jbuilder (2.13.0) + actionview (>= 5.0.0) activesupport (>= 5.0.0) - jmespath (1.4.0) - jquery-rails (4.4.0) + jmespath (1.6.2) + jquery-rails (4.6.1) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) thor (>= 0.14, < 2.0) - kwalify (0.7.2) - listen (3.1.5) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) - ruby_dep (~> 1.2) - loofah (2.10.0) + json (2.20.0) + kt-paperclip (8.0.0) + activemodel (>= 4.2.0) + activesupport (>= 4.2.0) + marcel (>= 1.0.1) + mime-types + terrapin (>= 0.6.0) + language_server-protocol (3.17.0.6) + listen (3.10.0) + logger + rb-fsevent (~> 0.10, >= 0.10.3) + rb-inotify (~> 0.9, >= 0.9.10) + logger (1.7.0) + loofah (2.25.1) crass (~> 1.0.2) - nokogiri (>= 1.5.9) - mail (2.7.1) + nokogiri (>= 1.12.0) + mail (2.9.1) + logger mini_mime (>= 0.1.1) - marcel (1.0.1) + net-imap + net-pop + net-smtp + marcel (1.2.1) material_design_lite-sass (1.3.0.1) autoprefixer-rails (>= 6.5) sass (>= 3.3) - method_source (1.0.0) - mime-types (3.3.1) - mime-types-data (~> 3.2015) - mime-types-data (3.2021.0225) - mimemagic (0.3.10) - nokogiri (~> 1) - rake - mini_mime (1.1.0) - mini_portile2 (2.3.0) - minitest (5.14.4) - nio4r (2.5.7) - nokogiri (1.8.5) - mini_portile2 (~> 2.3.0) - paperclip (5.2.1) - activemodel (>= 4.2.0) - activesupport (>= 4.2.0) - cocaine (~> 0.5.5) - mime-types - mimemagic (~> 0.3.0) - parallel (1.20.1) - parser (3.0.2.0) + matrix (0.4.3) + mime-types (3.7.0) + logger + mime-types-data (~> 3.2025, >= 3.2025.0507) + mime-types-data (3.2026.0701) + mini_mime (1.1.5) + mini_portile2 (2.8.9) + minitest (5.27.0) + mutex_m (0.3.0) + net-imap (0.6.4.1) + date + net-protocol + net-pop (0.1.2) + net-protocol + net-protocol (0.2.2) + timeout + net-smtp (0.5.1) + net-protocol + next_rails (1.6.0) + nio4r (2.7.5) + nokogiri (1.19.4) + mini_portile2 (~> 2.8.2) + racc (~> 1.4) + parallel (1.28.0) + parser (3.3.11.1) ast (~> 2.4.1) - pg (1.2.3) - popper_js (2.9.2) - psych (3.3.2) - public_suffix (4.0.6) + racc + pg (1.6.3) + popper_js (2.11.8) + pp (0.6.4) + prettyprint + prettyprint (0.2.0) + prism (1.9.0) + public_suffix (7.0.5) puma (3.12.6) - rack (2.2.3) - rack-test (1.1.0) - rack (>= 1.0, < 3) - rails-dom-testing (2.0.3) - activesupport (>= 4.2.0) + racc (1.8.1) + rack (2.2.23) + rack-session (1.0.2) + rack (< 3) + rack-test (2.2.0) + rack (>= 1.3) + rackup (1.0.1) + rack (< 3) + webrick + rails (7.1.6) + actioncable (= 7.1.6) + actionmailbox (= 7.1.6) + actionmailer (= 7.1.6) + actionpack (= 7.1.6) + actiontext (= 7.1.6) + actionview (= 7.1.6) + activejob (= 7.1.6) + activemodel (= 7.1.6) + activerecord (= 7.1.6) + activestorage (= 7.1.6) + activesupport (= 7.1.6) + bundler (>= 1.15.0) + railties (= 7.1.6) + rails-dom-testing (2.3.0) + activesupport (>= 5.0.0) + minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.3.0) - loofah (~> 2.3) - rainbow (3.0.0) - rake (13.0.3) - rb-fsevent (0.11.0) - rb-inotify (0.10.1) + rails-html-sanitizer (1.7.0) + loofah (~> 2.25) + nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) + railties (7.1.6) + actionpack (= 7.1.6) + activesupport (= 7.1.6) + cgi + irb + rackup (>= 1.0.0) + rake (>= 12.2) + thor (~> 1.0, >= 1.2.2) + tsort (>= 0.2) + zeitwerk (~> 2.6) + rainbow (3.1.1) + rake (13.4.2) + rb-fsevent (0.11.2) + rb-inotify (0.11.1) ffi (~> 1.0) - redcarpet (3.5.1) - reek (6.0.4) - kwalify (~> 0.7.0) - parser (~> 3.0.0) - psych (~> 3.1) + rbs (4.0.3) + logger + prism (>= 1.6.0) + tsort + rdoc (8.0.0) + erb + prism (>= 1.6.0) + rbs (>= 4.0.0) + tsort + redcarpet (3.6.1) + reek (6.5.0) + dry-schema (~> 1.13) + logger (~> 1.6) + parser (~> 3.3.0) rainbow (>= 2.0, < 4.0) - regexp_parser (2.1.1) - rexml (3.2.5) - rspec-core (3.10.1) - rspec-support (~> 3.10.0) - rspec-expectations (3.10.1) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-mocks (3.10.2) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.10.0) - rspec-rails (5.0.1) - actionpack (>= 5.2) - activesupport (>= 5.2) - railties (>= 5.2) - rspec-core (~> 3.10) - rspec-expectations (~> 3.10) - rspec-mocks (~> 3.10) - rspec-support (~> 3.10) - rspec-support (3.10.2) - rubocop (1.18.3) + rexml (~> 3.1) + regexp_parser (2.12.0) + reline (0.6.3) + io-console (~> 0.5) + rexml (3.4.4) + rubocop (1.59.0) + json (~> 2.3) + language_server-protocol (>= 3.17.0) parallel (~> 1.10) - parser (>= 3.0.0.0) + parser (>= 3.2.2.4) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.8, < 3.0) - rexml - rubocop-ast (>= 1.7.0, < 2.0) + rexml (>= 3.2.5, < 4.0) + rubocop-ast (>= 1.30.0, < 2.0) ruby-progressbar (~> 1.7) - unicode-display_width (>= 1.4.0, < 3.0) - rubocop-ast (1.7.0) - parser (>= 3.0.1.1) - rubocop-performance (1.11.4) - rubocop (>= 1.7.0, < 2.0) - rubocop-ast (>= 0.4.0) - rubocop-rails (2.11.3) + unicode-display_width (>= 2.4.0, < 3.0) + rubocop-ast (1.30.0) + parser (>= 3.2.1.0) + rubocop-minitest (0.34.5) + rubocop (>= 1.39, < 2.0) + rubocop-ast (>= 1.30.0, < 2.0) + rubocop-performance (1.20.2) + rubocop (>= 1.48.1, < 2.0) + rubocop-ast (>= 1.30.0, < 2.0) + rubocop-rails (2.23.1) activesupport (>= 4.2.0) rack (>= 1.1) - rubocop (>= 1.7.0, < 2.0) - rubocop-rspec (2.4.0) - rubocop (~> 1.0) - rubocop-ast (>= 1.1.0) - ruby-progressbar (1.11.0) - ruby_dep (1.5.0) - rubyzip (2.3.1) + rubocop (>= 1.33.0, < 2.0) + rubocop-ast (>= 1.30.0, < 2.0) + rubocop-rails-omakase (1.0.0) + rubocop + rubocop-minitest + rubocop-performance + rubocop-rails + ruby-progressbar (1.13.0) + rubyzip (2.4.1) sass (3.7.4) sass-listen (~> 4.0.0) sass-listen (4.0.0) @@ -278,39 +379,46 @@ GEM tilt (>= 1.1, < 3) sassc (2.4.0) ffi (~> 1.9) - selenium-webdriver (3.142.7) - childprocess (>= 0.5, < 4.0) - rubyzip (>= 1.2.2) - spring (2.1.1) - spring-watcher-listen (2.0.1) + securerandom (0.4.1) + selenium-webdriver (4.9.0) + rexml (~> 3.2, >= 3.2.5) + rubyzip (>= 1.2.2, < 3.0) + websocket (~> 1.0) + spring (4.7.0) + spring-watcher-listen (2.1.0) listen (>= 2.7, < 4.0) - spring (>= 1.2, < 3.0) - sprockets (3.7.2) + spring (>= 4) + sprockets (3.7.5) + base64 concurrent-ruby (~> 1.0) rack (> 1, < 3) - sprockets-rails (3.2.2) - actionpack (>= 4.0) - activesupport (>= 4.0) + sprockets-rails (3.5.2) + actionpack (>= 6.1) + activesupport (>= 6.1) sprockets (>= 3.0.0) - standard (1.1.5) - rubocop (= 1.18.3) - rubocop-performance (= 1.11.4) - thor (1.1.0) - tilt (2.0.10) + terrapin (1.1.1) + climate_control + thor (1.5.0) + tilt (2.8.0) + timeout (0.6.1) + tsort (0.2.0) turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) - tzinfo (2.0.4) + tzinfo (2.0.6) concurrent-ruby (~> 1.0) - uglifier (4.2.0) + uglifier (4.2.1) execjs (>= 0.3.0, < 3) - unicode-display_width (2.0.0) - web-console (4.1.0) + unicode-display_width (2.6.0) + web-console (4.2.1) actionview (>= 6.0.0) activemodel (>= 6.0.0) bindex (>= 0.4.0) railties (>= 6.0.0) - websocket-driver (0.7.5) + webrick (1.9.2) + websocket (1.2.11) + websocket-driver (0.8.2) + base64 websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) wicked_pdf (1.4.0) @@ -318,39 +426,37 @@ GEM wkhtmltopdf-binary (0.12.3.1) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.4.2) + zeitwerk (2.8.2) PLATFORMS ruby - x86_64-darwin-20 DEPENDENCIES - aws-sdk (~> 2.3.0) + aws-sdk-s3 bundler-audit - byebug - capybara (~> 2.13) + capybara (~> 3.40) clipboard-rails coffee-rails (~> 5.0) + concurrent-ruby (< 1.3.5) dotenv-rails fastruby-styleguide! - font-awesome-rails + font-awesome-rails (>= 4.7.0.9) jbuilder (~> 2.5) - listen (>= 3.0.5, < 3.2) - nokogiri (~> 1.8.2) - paperclip (~> 5.2.1) + kt-paperclip (~> 8.0.0) + listen (>= 3.5) + minitest (< 6) + next_rails + nokogiri (>= 1.13.0) pg (~> 1.1) puma (~> 3.7) - rails! + rails (>= 7.1.0, < 7.2.0) redcarpet reek - rspec-rails - rubocop-rails - rubocop-rspec + rubocop-rails-omakase sass-rails (~> 5.0) selenium-webdriver spring - spring-watcher-listen (~> 2.0.0) - standard + spring-watcher-listen (~> 2.1.0) turbolinks (~> 5) tzinfo-data uglifier (>= 1.3.0) @@ -359,7 +465,7 @@ DEPENDENCIES wkhtmltopdf-binary (= 0.12.3.1) RUBY VERSION - ruby 2.7.2p137 + ruby 3.2.11p268 BUNDLED WITH 2.2.21 diff --git a/README.md b/README.md index 6f576cf..80afa55 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ You should be able to go to http://localhost:3000 and see the landing page. ## Running tests - rails spec + rails test ## Contributing diff --git a/app/assets/javascripts/cable.js b/app/assets/javascripts/cable.js deleted file mode 100644 index 739aa5f..0000000 --- a/app/assets/javascripts/cable.js +++ /dev/null @@ -1,13 +0,0 @@ -// Action Cable provides the framework to deal with WebSockets in Rails. -// You can generate new channels where WebSocket features live using the `rails generate channel` command. -// -//= require action_cable -//= require_self -//= require_tree ./channels - -(function() { - this.App || (this.App = {}); - - App.cable = ActionCable.createConsumer(); - -}).call(this); diff --git a/app/channels/application_cable/channel.rb b/app/channels/application_cable/channel.rb deleted file mode 100644 index d672697..0000000 --- a/app/channels/application_cable/channel.rb +++ /dev/null @@ -1,4 +0,0 @@ -module ApplicationCable - class Channel < ActionCable::Channel::Base - end -end diff --git a/app/channels/application_cable/connection.rb b/app/channels/application_cable/connection.rb deleted file mode 100644 index 0ff5442..0000000 --- a/app/channels/application_cable/connection.rb +++ /dev/null @@ -1,4 +0,0 @@ -module ApplicationCable - class Connection < ActionCable::Connection::Base - end -end diff --git a/app/controllers/gemfiles_controller.rb b/app/controllers/gemfiles_controller.rb index b91dee2..c145222 100644 --- a/app/controllers/gemfiles_controller.rb +++ b/app/controllers/gemfiles_controller.rb @@ -25,8 +25,9 @@ def show format.html format.pdf do render pdf: "vulnerabilities_list", - template: "gemfiles/show.html.erb", - layout: 'pdf.html' + template: "gemfiles/show", + formats: [:html], + layout: 'pdf' end end end diff --git a/app/helpers/home_helper.rb b/app/helpers/home_helper.rb deleted file mode 100644 index 23de56a..0000000 --- a/app/helpers/home_helper.rb +++ /dev/null @@ -1,2 +0,0 @@ -module HomeHelper -end diff --git a/app/models/gemfile.rb b/app/models/gemfile.rb index c11f4e8..8498a9b 100644 --- a/app/models/gemfile.rb +++ b/app/models/gemfile.rb @@ -21,7 +21,7 @@ class Gemfile < ApplicationRecord # validates_attachment_content_type :file, content_type: /\Aimage\/.*\z/ def check_with_bundler_audit - @result = { warnings: [], advisories: [] } + @result = {warnings: [], advisories: []} scanner.scan do |result| case result @@ -60,7 +60,7 @@ def temp_file suffix = ".lock" @temp_file = Tempfile.new [prefix, suffix], "#{Rails.root}/tmp" uri = "https:#{file.url}" - @temp_file.write(open(uri).read) + @temp_file.write(URI.open(uri).read) @temp_file.close @temp_file end diff --git a/config/application.rb b/config/application.rb index 2bce705..a09af72 100644 --- a/config/application.rb +++ b/config/application.rb @@ -18,8 +18,15 @@ class Application < Rails::Application s3_region: "us-east-1" } + # This app doesn't use ActiveStorage or ActionCable (file uploads go + # through Paperclip); stop their JS from being auto-added to the asset + # precompile list. Their modern ES6 syntax breaks Uglifier's ES5-only + # parser, which otherwise fails `assets:precompile` on unused assets. + config.active_storage.precompile_assets = false + config.action_cable.precompile_assets = false + # Initialize configuration defaults for originally generated Rails version. - config.load_defaults 5.1 + config.load_defaults 7.1 # Settings in config/environments/* take precedence over those specified here. # Application configuration should go into files in config/initializers diff --git a/config/database.yml.sample b/config/database.yml.sample index 1546db9..265a9e3 100644 --- a/config/database.yml.sample +++ b/config/database.yml.sample @@ -9,8 +9,9 @@ default: &default encoding: unicode pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %> timeout: 5000 - host: localhost - username: + host: <%= ENV.fetch("DATABASE_HOST", "localhost") %> + username: <%= ENV.fetch("DATABASE_USERNAME", "") %> + password: <%= ENV.fetch("DATABASE_PASSWORD", "") %> development: <<: *default diff --git a/config/environments/development.rb b/config/environments/development.rb index 7f777e6..6218daf 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -1,4 +1,7 @@ Rails.application.configure do + # Moved off config/secrets.yml (removed in Rails 7.2); same value as before. + config.secret_key_base = "3c588677c611cb6c1945643fee0f6e3bcb1fbd734bbdc126022ea95d10c6cad4547ac3839e348a5d8cb1e76bb97d516c12426f20d3fdeb275700df561bc73311" + config.paperclip_defaults = { storage: :filesystem, path: "#{Rails.root}/spec/test_files/:class/:id_partition/:style.:extension" @@ -8,7 +11,7 @@ # In the development environment your application's code is reloaded on # every request. This slows down response time but is perfect for development # since you don't have to restart the web server when you make code changes. - config.cache_classes = false + config.enable_reloading = true # Do not eager load code on boot. config.eager_load = false diff --git a/config/environments/production.rb b/config/environments/production.rb index 3671f4f..3b07ff5 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -1,8 +1,11 @@ Rails.application.configure do + # Moved off config/secrets.yml (removed in Rails 7.2); same source as before. + config.secret_key_base = ENV["SECRET_KEY_BASE"] + # Settings specified here will take precedence over those in config/application.rb. # Code is not reloaded between requests. - config.cache_classes = true + config.enable_reloading = false # Eager load code on boot. This eager loads most of Rails and # your application in memory, allowing both threaded web servers @@ -52,7 +55,7 @@ config.log_level = :debug # Prepend all log lines with the following tags. - config.log_tags = [ :request_id ] + config.log_tags = [:request_id] # Use a different cache store in production. # config.cache_store = :mem_cache_store diff --git a/config/environments/test.rb b/config/environments/test.rb index 43cd9e4..c03c289 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -1,7 +1,10 @@ Rails.application.configure do + # Moved off config/secrets.yml (removed in Rails 7.2); same value as before. + config.secret_key_base = "df266f64098fc45cc7d78a5930526841b54a064f83f5f7fc56b490dcff30fe525366f24cf70a9b6f43020293064594f44b6c0103af7eaf4a9edf8f3146221827" + config.paperclip_defaults = { storage: :filesystem, - path: "#{Rails.root}/spec/test_files/:class/:id_partition/:style.:extension" + path: "#{Rails.root}/test/test_files/:class/:id_partition/:style.:extension" } # Settings specified here will take precedence over those in config/application.rb. @@ -10,7 +13,7 @@ # test suite. You never need to work with it otherwise. Remember that # your test database is "scratch space" for the test suite and is wiped # and recreated between test runs. Don't rely on the data there! - config.cache_classes = true + config.enable_reloading = false # Do not eager load code on boot. This avoids loading your whole application # just for the purpose of running a single test. If you are using a tool that @@ -28,7 +31,7 @@ config.action_controller.perform_caching = false # Raise exceptions instead of rendering exception templates. - config.action_dispatch.show_exceptions = false + config.action_dispatch.show_exceptions = :none # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false diff --git a/config/initializers/assets.rb b/config/initializers/assets.rb index c5ca96d..f636836 100644 --- a/config/initializers/assets.rb +++ b/config/initializers/assets.rb @@ -14,3 +14,12 @@ # Rails.application.config.assets.precompile += %w( admin.js admin.css ) Rails.application.config.assets.precompile += %w(pdf.scss) + +# This app doesn't use ActionText (no rich_text fields); it has no +# precompile_assets opt-out flag like ActiveStorage/ActionCable, so remove +# its auto-added JS directly. Same ES6-vs-Uglifier problem as the other two. +# Must happen in after_initialize: ActionText's own engine initializer adds +# these entries, and it runs after this file, re-adding them if subtracted here. +Rails.application.config.after_initialize do + Rails.application.config.assets.precompile -= %w(actiontext.js actiontext.esm.js trix.js trix.css) +end diff --git a/config/initializers/paperclip.rb b/config/initializers/paperclip.rb index 9034042..bc01cda 100644 --- a/config/initializers/paperclip.rb +++ b/config/initializers/paperclip.rb @@ -1 +1 @@ -Paperclip.options[:content_type_mappings] = { lock: 'text/plain' } +Paperclip.options[:content_type_mappings] = {lock: 'text/plain'} diff --git a/config/secrets.yml b/config/secrets.yml deleted file mode 100644 index b40d8a0..0000000 --- a/config/secrets.yml +++ /dev/null @@ -1,32 +0,0 @@ -# Be sure to restart your server when you modify this file. - -# Your secret key is used for verifying the integrity of signed cookies. -# If you change this key, all old signed cookies will become invalid! - -# Make sure the secret is at least 30 characters and all random, -# no regular words or you'll be exposed to dictionary attacks. -# You can use `rails secret` to generate a secure secret key. - -# Make sure the secrets in this file are kept private -# if you're sharing your code publicly. - -# Shared secrets are available across all environments. - -# shared: -# api_key: a1B2c3D4e5F6 - -# Environmental secrets are only available for that specific environment. - -development: - secret_key_base: 3c588677c611cb6c1945643fee0f6e3bcb1fbd734bbdc126022ea95d10c6cad4547ac3839e348a5d8cb1e76bb97d516c12426f20d3fdeb275700df561bc73311 - -test: - secret_key_base: df266f64098fc45cc7d78a5930526841b54a064f83f5f7fc56b490dcff30fe525366f24cf70a9b6f43020293064594f44b6c0103af7eaf4a9edf8f3146221827 - -# Do not keep production secrets in the unencrypted secrets file. -# Instead, either read values from the environment. -# Or, use `bin/rails secrets:setup` to configure encrypted secrets -# and move the `production:` environment over there. - -production: - secret_key_base: <%= ENV["SECRET_KEY_BASE"] %> diff --git a/config/spring.rb b/config/spring.rb index c9119b4..8b60e47 100644 --- a/config/spring.rb +++ b/config/spring.rb @@ -1,6 +1,12 @@ -%w( +%w[ .ruby-version .rbenv-vars tmp/restart.txt tmp/caching-dev.txt -).each { |path| Spring.watch(path) } +].each { |path| Spring.watch(path) } + +# Test env intentionally runs with config.enable_reloading = false for +# performance/correctness; Spring's reloader requirement doesn't apply +# there since a single spring-preloaded process doesn't need to reload +# code mid-suite. +Spring.dangerously_allow_disabling_reloading = true diff --git a/config/storage.yml b/config/storage.yml new file mode 100644 index 0000000..695f17b --- /dev/null +++ b/config/storage.yml @@ -0,0 +1,7 @@ +test: + service: Disk + root: <%= Rails.root.join("tmp/storage") %> + +local: + service: Disk + root: <%= Rails.root.join("storage") %> diff --git a/db/schema.rb b/db/schema.rb index c11571d..24a0cd6 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -2,16 +2,15 @@ # of editing this file, please use the migrations feature of Active Record to # incrementally modify your database, and then regenerate this schema definition. # -# Note that this schema.rb definition is the authoritative source for your -# database schema. If you need to create the application database on another -# system, you should be using db:schema:load, not running all the migrations -# from scratch. The latter is a flawed and unsustainable approach (the more migrations -# you'll amass, the slower it'll run and the greater likelihood for issues). +# This file is the source Rails uses to define your schema when running `bin/rails +# db:schema:load`. When creating a new database, `bin/rails db:schema:load` tends to +# be faster and is potentially less error prone than running all of your +# migrations from scratch. Old migrations may fail to apply correctly if those +# migrations use external dependencies or application code. # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20180325143727) do - +ActiveRecord::Schema[7.1].define(version: 2018_03_25_143727) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -19,9 +18,9 @@ t.string "file_file_name" t.string "file_content_type" t.integer "file_file_size" - t.datetime "file_updated_at" - t.datetime "created_at", null: false - t.datetime "updated_at", null: false + t.datetime "file_updated_at", precision: nil + t.datetime "created_at", precision: nil, null: false + t.datetime "updated_at", precision: nil, null: false t.string "alpha_id" end diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..4fa8523 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,66 @@ +services: + db: + image: postgres:13 + environment: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + volumes: + - db_data:/var/lib/postgresql/data + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 5s + timeout: 5s + retries: 5 + + web: + build: . + # wkhtmltopdf-binary ships a 32-bit x86 binary; arm64 hosts can't run i386 + # via multiarch (only amd64+i386 is a valid pairing), so force amd64 here. + platform: linux/amd64 + command: bundle exec rails server -b 0.0.0.0 + volumes: + - .:/app + ports: + - "3000:3000" + environment: + RAILS_ENV: development + DATABASE_HOST: db + DATABASE_USERNAME: postgres + DATABASE_PASSWORD: postgres + depends_on: + db: + condition: service_healthy + stdin_open: true + tty: true + + web_next: + # Reuse the image built for `web` (compose tags it -web, i.e. + # audit-web) instead of building a second image. Only BUNDLE_GEMFILE + # differs, so a separate build is unnecessary. (Not using `extends` here: + # it merges array fields like `ports` instead of overriding them, which + # would leak web's 3000:3000 mapping into this service too.) + image: audit-web + platform: linux/amd64 + # Distinct pidfile: web and web_next share the same bind-mounted /app, so + # they'd otherwise race on tmp/pids/server.pid and refuse to boot together. + command: bundle exec rails server -b 0.0.0.0 --pid tmp/pids/server_next.pid + volumes: + - .:/app + ports: + - "3001:3000" + environment: + RAILS_ENV: development + DATABASE_HOST: db + DATABASE_USERNAME: postgres + DATABASE_PASSWORD: postgres + BUNDLE_GEMFILE: Gemfile.next + depends_on: + db: + condition: service_healthy + web: + condition: service_started + stdin_open: true + tty: true + +volumes: + db_data: diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh new file mode 100644 index 0000000..3159ea6 --- /dev/null +++ b/docker/entrypoint.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash +set -e + +if [ ! -f config/database.yml ]; then + cp config/database.yml.sample config/database.yml +fi + +if [ ! -f .env ]; then + cp .env.sample .env +fi + +rm -f tmp/pids/server.pid tmp/pids/server_next.pid + +# web and web_next share the same database and both run db:prepare on boot. +# If they start around the same time, ActiveRecord's migration lock makes the +# second one fail with ConcurrentMigrationError; retry instead of giving up, +# since the migration itself is a no-op once the first process finishes. +for attempt in 1 2 3 4 5; do + if bundle exec rails db:prepare; then + break + elif [ "$attempt" -eq 5 ]; then + echo "db:prepare failed after $attempt attempts" >&2 + exit 1 + else + echo "db:prepare failed (attempt $attempt/5), retrying in 3s..." >&2 + sleep 3 + fi +done + +exec "$@" diff --git a/spec/controllers/gemfiles_controller_spec.rb b/spec/controllers/gemfiles_controller_spec.rb deleted file mode 100644 index 81a8b99..0000000 --- a/spec/controllers/gemfiles_controller_spec.rb +++ /dev/null @@ -1,76 +0,0 @@ -require "rails_helper" - -RSpec.describe GemfilesController, type: :controller do - render_views - - describe "#create" do - context "when file is empty" do - let(:msg) do - "File can't be blank" - end - - it "returns an error message" do - post :create - - expect(flash[:error]).to eq(msg) - end - end - - context "when Gemfile.lock is invalid" do - let(:file) do - File.new("#{Rails.root}/spec/support/fixtures/corrupt.lock") - end - let(:file_upload) do - fixture_file_upload(file) - end - let(:msg_1) do - "File has contents that are not what they are reported to be" - end - let(:msg_2) do - "File is invalid" - end - let(:msg_3) do - "File content type is invalid" - end - - before do - post :create, params: { gemfile: { file: file_upload } } - end - - it "redirects to the homepage" do - expect(response).to redirect_to(root_path) - end - - it "loads an error message in flash[:error]" do - expect(flash[:error]).to include(msg_1) - expect(flash[:error]).to include(msg_2) - expect(flash[:error]).to include(msg_3) - end - end - end - - describe "#show" do - let(:file) do - File.new("#{Rails.root}/spec/support/fixtures/Gemfile.lock") - end - subject { Gemfile.create(file: file) } - - context "when trying to find gemfile by id" do - it "won't find any" do - expect do - get :show, params: { id: subject.id } - end.to raise_error(ActiveRecord::RecordNotFound) - end - end - - context "when trying to find gemfile by alpha id" do - let(:message) { "No vulnerabilities found!" } - - it "will find it" do - get :show, params: { id: subject.alpha_id } - - expect(response).to be_ok - end - end - end -end diff --git a/spec/models/gemfile_spec.rb b/spec/models/gemfile_spec.rb deleted file mode 100644 index 7a1d9a4..0000000 --- a/spec/models/gemfile_spec.rb +++ /dev/null @@ -1,126 +0,0 @@ -require "rails_helper" - -RSpec.describe Gemfile do - class BundlerAuditScannerStub - attr_reader :vulnerabilities - - def initialize(vulnerabilities) - @vulnerabilities = vulnerabilities - end - - def scan(&block) - vulnerabilities.each { |v| block.call(v) } - end - end - - let(:file) do - File.new("#{Rails.root}/spec/support/fixtures/Gemfile.lock") - end - let(:vulnerabilities) { [] } - let(:bundler_audit_scanner) { BundlerAuditScannerStub.new(vulnerabilities) } - - before do - allow(Bundler::Audit::Scanner).to receive(:new).and_return(bundler_audit_scanner) - end - - subject { Gemfile.new(file: file) } - - describe "#valid?" do - let(:alpha_id_size) { 8 } - - context "when subject is valid" do - it "returns true and generates alpha_id" do - expect(subject).to be_valid - expect(subject.alpha_id.size).to eq(alpha_id_size) - end - end - - context "when subject is invalid" do - let(:file) do - File.new("#{Rails.root}/Gemfile") - end - let(:messages) do - ["File file name is invalid", "File is invalid"] - end - - it "returns false" do - expect(subject).not_to be_valid - expect(subject.errors.full_messages).to eq messages - end - - context "when file is nil" do - let(:file) { nil } - - it "returns false" do - expect(subject).not_to be_valid - expect(subject.errors.full_messages).to eq ["File can't be blank"] - end - end - end - end - - describe "#check_with_bundler_audit" do - context "when Gemfile.lock is not vulnerable" do - it "returns empty default hash" do - expect(subject.save).to be_truthy - expect(subject.check_with_bundler_audit).to eq({warnings: [], advisories: []}) - end - end - - context "when Gemfile.lock is vulnerable" do - let(:vulnerabilities) do - [ - Bundler::Audit::Results::InsecureSource.new("http://rubygems.org/"), - Bundler::Audit::Results::UnpatchedGem.new( - OpenStruct.new(name: 'actionmailer', version: '3.0.1'), - OpenStruct.new({ - id: 'OSVDB-98629', - url: 'http://www.osvdb.org/show/osvdb/98629', - title: 'Action Mailer Gem for Ruby contains a possible DoS Vulnerability', - description: 'Action Mailer Gem for Ruby contains a format string flaw in the Log Subscriber component. The issue is triggered as format string specifiers (e.g. %s and %x) are not properly sanitized in user-supplied input when handling email addresses. This may allow a remote attacker to cause a denial of service' - }) - ), - Bundler::Audit::Results::UnpatchedGem.new( - OpenStruct.new(name: 'actionpack', version: '3.0.1'), - OpenStruct.new({ - id: 'CVE-2014-7829', - url: 'https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk', - title: 'Arbitrary file existence disclosure in Action Pack', - description: "Specially crafted requests can be used to determine whether a file exists on\nthe filesystem that is outside the Rails application's root directory. The\nfiles will not be served, but attackers can determine whether or not the file\nexists. This vulnerability is very similar to CVE-2014-7818, but the\nspecially crafted string is slightly different.\n" - }) - ), - Bundler::Audit::Results::UnpatchedGem.new( - OpenStruct.new(name: 'actionpack', version: '3.0.1'), - OpenStruct.new({ - id: 'CVE-2014-7830', - url: 'https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRC321', - title: 'Arbitrary file existence disclosure in Action Pack part 2', - description: "Custom Description" - }) - ) - ] - end - - it "returns a hash with the vulnerabilities" do - expect(subject.save).to be_truthy - - result = subject.check_with_bundler_audit - - expect(result).to include(:warnings) - expect(result).to include(:advisories) - expect(result[:advisories].size).to eq(3) - expect(result[:warnings]).to eq(["Insecure Source URI found: http://rubygems.org/"]) - - last_advisory = result[:advisories].last - - expect(last_advisory[:label]).to eq("actionpack@3.0.1") - expect(last_advisory[:name]).to eq("actionpack") - expect(last_advisory[:version]).to eq("3.0.1") - expect(last_advisory[:id]).to eq("CVE-2014-7830") - expect(last_advisory[:url]).to eq("https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRC321") - expect(last_advisory[:title]).to eq("Arbitrary file existence disclosure in Action Pack part 2") - expect(last_advisory[:description]).to eq("Custom Description") - end - end - end -end diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb deleted file mode 100644 index bbe1ba5..0000000 --- a/spec/rails_helper.rb +++ /dev/null @@ -1,57 +0,0 @@ -# This file is copied to spec/ when you run 'rails generate rspec:install' -require 'spec_helper' -ENV['RAILS_ENV'] ||= 'test' -require File.expand_path('../../config/environment', __FILE__) -# Prevent database truncation if the environment is production -abort("The Rails environment is running in production mode!") if Rails.env.production? -require 'rspec/rails' -# Add additional requires below this line. Rails is not loaded until this point! - -# Requires supporting ruby files with custom matchers and macros, etc, in -# spec/support/ and its subdirectories. Files matching `spec/**/*_spec.rb` are -# run as spec files by default. This means that files in spec/support that end -# in _spec.rb will both be required and run as specs, causing the specs to be -# run twice. It is recommended that you do not name files matching this glob to -# end with _spec.rb. You can configure this pattern with the --pattern -# option on the command line or in ~/.rspec, .rspec or `.rspec-local`. -# -# The following line is provided for convenience purposes. It has the downside -# of increasing the boot-up time by auto-requiring all files in the support -# directory. Alternatively, in the individual `*_spec.rb` files, manually -# require only the support files necessary. -# -# Dir[Rails.root.join('spec/support/**/*.rb')].each { |f| require f } - -# Checks for pending migrations and applies them before tests are run. -# If you are not using ActiveRecord, you can remove this line. -ActiveRecord::Migration.maintain_test_schema! - -RSpec.configure do |config| - # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures - config.fixture_path = "#{::Rails.root}/spec/fixtures" - - # If you're not using ActiveRecord, or you'd prefer not to run each of your - # examples within a transaction, remove the following line or assign false - # instead of true. - config.use_transactional_fixtures = true - - # RSpec Rails can automatically mix in different behaviours to your tests - # based on their file location, for example enabling you to call `get` and - # `post` in specs under `spec/controllers`. - # - # You can disable this behaviour by removing the line below, and instead - # explicitly tag your specs with their type, e.g.: - # - # RSpec.describe UsersController, :type => :controller do - # # ... - # end - # - # The different available types are documented in the features, such as in - # https://relishapp.com/rspec/rspec-rails/docs - config.infer_spec_type_from_file_location! - - # Filter lines from Rails gems in backtraces. - config.filter_rails_from_backtrace! - # arbitrary gems may also be filtered via: - # config.filter_gems_from_backtrace("gem name") -end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb deleted file mode 100644 index 6acad1c..0000000 --- a/spec/spec_helper.rb +++ /dev/null @@ -1,100 +0,0 @@ -# This file was generated by the `rails generate rspec:install` command. Conventionally, all -# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`. -# The generated `.rspec` file contains `--require spec_helper` which will cause -# this file to always be loaded, without a need to explicitly require it in any -# files. -# -# Given that it is always loaded, you are encouraged to keep this file as -# light-weight as possible. Requiring heavyweight dependencies from this file -# will add to the boot time of your test suite on EVERY test run, even for an -# individual file that may not need all of that loaded. Instead, consider making -# a separate helper file that requires the additional dependencies and performs -# the additional setup, and require it from the spec files that actually need -# it. -# -# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration -RSpec.configure do |config| - config.after(:suite) do - FileUtils.rm_rf(Dir["#{Rails.root}/spec/test_files/"]) - end - - # rspec-expectations config goes here. You can use an alternate - # assertion/expectation library such as wrong or the stdlib/minitest - # assertions if you prefer. - config.expect_with :rspec do |expectations| - # This option will default to `true` in RSpec 4. It makes the `description` - # and `failure_message` of custom matchers include text for helper methods - # defined using `chain`, e.g.: - # be_bigger_than(2).and_smaller_than(4).description - # # => "be bigger than 2 and smaller than 4" - # ...rather than: - # # => "be bigger than 2" - expectations.include_chain_clauses_in_custom_matcher_descriptions = true - end - - # rspec-mocks config goes here. You can use an alternate test double - # library (such as bogus or mocha) by changing the `mock_with` option here. - config.mock_with :rspec do |mocks| - # Prevents you from mocking or stubbing a method that does not exist on - # a real object. This is generally recommended, and will default to - # `true` in RSpec 4. - mocks.verify_partial_doubles = true - end - - # This option will default to `:apply_to_host_groups` in RSpec 4 (and will - # have no way to turn it off -- the option exists only for backwards - # compatibility in RSpec 3). It causes shared context metadata to be - # inherited by the metadata hash of host groups and examples, rather than - # triggering implicit auto-inclusion in groups with matching metadata. - config.shared_context_metadata_behavior = :apply_to_host_groups - -# The settings below are suggested to provide a good initial experience -# with RSpec, but feel free to customize to your heart's content. -=begin - # This allows you to limit a spec run to individual examples or groups - # you care about by tagging them with `:focus` metadata. When nothing - # is tagged with `:focus`, all examples get run. RSpec also provides - # aliases for `it`, `describe`, and `context` that include `:focus` - # metadata: `fit`, `fdescribe` and `fcontext`, respectively. - config.filter_run_when_matching :focus - - # Allows RSpec to persist some state between runs in order to support - # the `--only-failures` and `--next-failure` CLI options. We recommend - # you configure your source control system to ignore this file. - config.example_status_persistence_file_path = "spec/examples.txt" - - # Limits the available syntax to the non-monkey patched syntax that is - # recommended. For more details, see: - # - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/ - # - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/ - # - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode - config.disable_monkey_patching! - - # Many RSpec users commonly either run the entire suite or an individual - # file, and it's useful to allow more verbose output when running an - # individual spec file. - if config.files_to_run.one? - # Use the documentation formatter for detailed output, - # unless a formatter has already been configured - # (e.g. via a command-line flag). - config.default_formatter = "doc" - end - - # Print the 10 slowest examples and example groups at the - # end of the spec run, to help surface which specs are running - # particularly slow. - config.profile_examples = 10 - - # Run specs in random order to surface order dependencies. If you find an - # order dependency and want to debug it, you can fix the order by providing - # the seed, which is printed after each run. - # --seed 1234 - config.order = :random - - # Seed global randomization in this process using the `--seed` CLI option. - # Setting this allows you to use `--seed` to deterministically reproduce - # test failures related to randomization by passing the same `--seed` value - # as the one that triggered the failure. - Kernel.srand config.seed -=end -end diff --git a/test/application_system_test_case.rb b/test/application_system_test_case.rb index d19212a..38a39f5 100644 --- a/test/application_system_test_case.rb +++ b/test/application_system_test_case.rb @@ -1,5 +1,41 @@ require "test_helper" +require "selenium/webdriver" + +# Registered explicitly (instead of Rails' built-in :headless_chrome) so we +# can point at whichever Chromium/Chrome + driver pair is actually present -- +# Debian's chromium/chromium-driver packages in Docker, Google Chrome + +# Selenium Manager on GitHub Actions' ubuntu-latest runners. Falls back to +# Selenium Manager (Selenium's own driver auto-resolver) when no known binary +# path is found, instead of hardcoding one environment's layout. +CHROME_BINARY_PATHS = %w[ + /usr/bin/chromium + /usr/bin/chromium-browser + /usr/bin/google-chrome + /usr/bin/google-chrome-stable +].freeze + +CHROMEDRIVER_PATHS = %w[ + /usr/bin/chromedriver + /usr/lib/chromium/chromedriver +].freeze + +Capybara.register_driver :headless_chromium do |app| + options = Selenium::WebDriver::Chrome::Options.new + binary_path = CHROME_BINARY_PATHS.find { |path| File.exist?(path) } + options.binary = binary_path if binary_path + + options.add_argument("--headless=new") + options.add_argument("--no-sandbox") + options.add_argument("--disable-dev-shm-usage") + options.add_argument("--disable-gpu") + options.add_argument("--window-size=1400,1400") + + driver_path = CHROMEDRIVER_PATHS.find { |path| File.exist?(path) } + service = Selenium::WebDriver::Service.chrome(path: driver_path) if driver_path + + Capybara::Selenium::Driver.new(app, browser: :chrome, options: options, service: service) +end class ApplicationSystemTestCase < ActionDispatch::SystemTestCase - driven_by :selenium, using: :chrome, screen_size: [1400, 1400] + driven_by :headless_chromium end diff --git a/test/controllers/gemfiles_controller_test.rb b/test/controllers/gemfiles_controller_test.rb new file mode 100644 index 0000000..ec2fc73 --- /dev/null +++ b/test/controllers/gemfiles_controller_test.rb @@ -0,0 +1,47 @@ +require "test_helper" + +class GemfilesControllerTest < ActionDispatch::IntegrationTest + test "create with an empty file sets an error message in flash" do + post gemfiles_path + + assert_equal "File can't be blank", flash[:error] + end + + test "create with an invalid Gemfile.lock redirects to the homepage with an error message" do + file = File.new(Rails.root.join("test/fixtures/files/corrupt.lock")) + file_upload = fixture_file_upload(file) + + post gemfiles_path, params: {gemfile: {file: file_upload}} + + assert_redirected_to root_path + assert_includes flash[:error], "File has contents that are not what they are reported to be" + assert_includes flash[:error], "File is invalid" + assert_includes flash[:error], "File content type is invalid" + end + + test "show with a numeric id raises RecordNotFound since lookup is by alpha_id" do + gemfile = Gemfile.create(file: File.new(Rails.root.join("test/fixtures/files/Gemfile.lock"))) + + assert_raises(ActiveRecord::RecordNotFound) do + get gemfile_path(id: gemfile.id) + end + end + + test "show with the alpha_id renders successfully" do + gemfile = Gemfile.create(file: File.new(Rails.root.join("test/fixtures/files/Gemfile.lock"))) + + get gemfile_path(id: gemfile.alpha_id) + + assert_response :success + end + + test "show with the PDF format renders a PDF successfully" do + gemfile = Gemfile.create(file: File.new(Rails.root.join("test/fixtures/files/Gemfile.lock"))) + + get gemfile_path(id: gemfile.alpha_id, format: :pdf) + + assert_response :success + assert_equal "application/pdf", response.content_type + assert response.body.start_with?("%PDF") + end +end diff --git a/test/controllers/home_controller_test.rb b/test/controllers/home_controller_test.rb index 6013b68..709b96d 100644 --- a/test/controllers/home_controller_test.rb +++ b/test/controllers/home_controller_test.rb @@ -5,5 +5,4 @@ class HomeControllerTest < ActionDispatch::IntegrationTest get home_index_url assert_response :success end - end diff --git a/spec/support/fixtures/Gemfile.lock b/test/fixtures/files/Gemfile.lock similarity index 100% rename from spec/support/fixtures/Gemfile.lock rename to test/fixtures/files/Gemfile.lock diff --git a/spec/support/fixtures/corrupt.lock b/test/fixtures/files/corrupt.lock similarity index 100% rename from spec/support/fixtures/corrupt.lock rename to test/fixtures/files/corrupt.lock diff --git a/test/fixtures/gemfiles.yml b/test/fixtures/gemfiles.yml deleted file mode 100644 index 722f56a..0000000 --- a/test/fixtures/gemfiles.yml +++ /dev/null @@ -1,7 +0,0 @@ -# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html - -one: - file: MyString - -two: - file: MyString diff --git a/test/integration/.keep b/test/integration/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/test/mailers/.keep b/test/mailers/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/test/models/gemfile_test.rb b/test/models/gemfile_test.rb index 70a75c8..6054e04 100644 --- a/test/models/gemfile_test.rb +++ b/test/models/gemfile_test.rb @@ -1,7 +1,130 @@ -require 'test_helper' +require "test_helper" +require "bundler/audit/scanner" +require "minitest/mock" +require "ostruct" class GemfileTest < ActiveSupport::TestCase - # test "the truth" do - # assert true - # end + class BundlerAuditScannerStub + attr_reader :vulnerabilities + + def initialize(vulnerabilities) + @vulnerabilities = vulnerabilities + end + + def scan(&block) + vulnerabilities.each { |v| block.call(v) } + end + end + + def valid_file + File.new(Rails.root.join("test/fixtures/files/Gemfile.lock")) + end + + def stub_scanner(vulnerabilities = [], &block) + Bundler::Audit::Scanner.stub :new, BundlerAuditScannerStub.new(vulnerabilities), &block + end + + test "valid subject is valid and generates an 8-character alpha_id" do + stub_scanner do + gemfile = Gemfile.new(file: valid_file) + + assert gemfile.valid? + assert_equal 8, gemfile.alpha_id.size + end + end + + test "invalid file makes the record invalid" do + stub_scanner do + gemfile = Gemfile.new(file: File.new(Rails.root.join("Gemfile"))) + + assert_not gemfile.valid? + assert_equal ["File file name is invalid", "File is invalid"], gemfile.errors.full_messages + end + end + + test "temp_file fetches the attachment via URI.open when the URL is protocol-relative" do + gemfile = Gemfile.new(file: valid_file) + assert gemfile.save + content = "remote gemfile lock contents" + + gemfile.file.stub :url, "//s3.amazonaws.com/bucket/gemfiles/files/1/original/Gemfile.lock" do + URI.stub :open, StringIO.new(content) do + temp_file = gemfile.temp_file + + assert_equal content, File.read(temp_file.path) + end + end + end + + test "nil file makes the record invalid" do + stub_scanner do + gemfile = Gemfile.new(file: nil) + + assert_not gemfile.valid? + assert_equal ["File can't be blank"], gemfile.errors.full_messages + end + end + + test "check_with_bundler_audit returns empty results when Gemfile.lock is not vulnerable" do + stub_scanner do + gemfile = Gemfile.new(file: valid_file) + + assert gemfile.save + assert_equal({warnings: [], advisories: []}, gemfile.check_with_bundler_audit) + end + end + + test "check_with_bundler_audit returns warnings and advisories when Gemfile.lock is vulnerable" do + vulnerabilities = [ + Bundler::Audit::Results::InsecureSource.new("http://rubygems.org/"), + Bundler::Audit::Results::UnpatchedGem.new( + OpenStruct.new(name: "actionmailer", version: "3.0.1"), + OpenStruct.new({ + id: "OSVDB-98629", + url: "http://www.osvdb.org/show/osvdb/98629", + title: "Action Mailer Gem for Ruby contains a possible DoS Vulnerability", + description: "Action Mailer Gem for Ruby contains a format string flaw in the Log Subscriber component. The issue is triggered as format string specifiers (e.g. %s and %x) are not properly sanitized in user-supplied input when handling email addresses. This may allow a remote attacker to cause a denial of service" + }) + ), + Bundler::Audit::Results::UnpatchedGem.new( + OpenStruct.new(name: "actionpack", version: "3.0.1"), + OpenStruct.new({ + id: "CVE-2014-7829", + url: "https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk", + title: "Arbitrary file existence disclosure in Action Pack", + description: "Specially crafted requests can be used to determine whether a file exists on\nthe filesystem that is outside the Rails application's root directory. The\nfiles will not be served, but attackers can determine whether or not the file\nexists. This vulnerability is very similar to CVE-2014-7818, but the\nspecially crafted string is slightly different.\n" + }) + ), + Bundler::Audit::Results::UnpatchedGem.new( + OpenStruct.new(name: "actionpack", version: "3.0.1"), + OpenStruct.new({ + id: "CVE-2014-7830", + url: "https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRC321", + title: "Arbitrary file existence disclosure in Action Pack part 2", + description: "Custom Description" + }) + ) + ] + + stub_scanner(vulnerabilities) do + gemfile = Gemfile.new(file: valid_file) + assert gemfile.save + + result = gemfile.check_with_bundler_audit + + assert result.key?(:warnings) + assert result.key?(:advisories) + assert_equal 3, result[:advisories].size + assert_equal ["Insecure Source URI found: http://rubygems.org/"], result[:warnings] + + last_advisory = result[:advisories].last + assert_equal "actionpack@3.0.1", last_advisory[:label] + assert_equal "actionpack", last_advisory[:name] + assert_equal "3.0.1", last_advisory[:version] + assert_equal "CVE-2014-7830", last_advisory[:id] + assert_equal "https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRC321", last_advisory[:url] + assert_equal "Arbitrary file existence disclosure in Action Pack part 2", last_advisory[:title] + assert_equal "Custom Description", last_advisory[:description] + end + end end diff --git a/test/system/.keep b/test/system/.keep deleted file mode 100644 index e69de29..0000000 diff --git a/test/system/gemfiles_test.rb b/test/system/gemfiles_test.rb new file mode 100644 index 0000000..b7a56ad --- /dev/null +++ b/test/system/gemfiles_test.rb @@ -0,0 +1,24 @@ +require "application_system_test_case" +require "net/http" + +class GemfilesTest < ApplicationSystemTestCase + test "uploading a Gemfile.lock renders the results page and a downloadable PDF" do + visit root_path + + # The real file input is visually hidden by the custom upload widget's + # CSS (a styled label/span sit in front of it); make_visible: true has + # Capybara temporarily reveal it just for the attach, then hide it again. + attach_file "gemfile_file", Rails.root.join("test/fixtures/files/Gemfile.lock"), make_visible: true + click_button "Check file" + + assert_current_path %r{\A/gemfiles/\w+\z} + assert_text "Vulnerabilities" + assert_text "found on your file" + + pdf_response = Net::HTTP.get_response(URI("#{current_url}.pdf")) + + assert_equal "200", pdf_response.code + assert_equal "application/pdf", pdf_response.content_type + assert pdf_response.body.start_with?("%PDF") + end +end diff --git a/test/test_helper.rb b/test/test_helper.rb index e3c4ff0..c134b03 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -5,5 +5,7 @@ class ActiveSupport::TestCase # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order. fixtures :all - # Add more helper methods to be used by all tests here... + Minitest.after_run do + FileUtils.rm_rf(Rails.root.join("test/test_files")) + end end