Add an optional URL whitelist safeguard #526
Conversation
LGTM
lib/database_cleaner/safeguard.rb
Outdated
end | ||
|
||
class WhitelistedUrl | ||
def run | ||
raise Error::NotWhitelistedUrl if !skip? && given? |
@benclewis Could you refactor this to avoid the double negative? It's hard to read the combination of `!skip?` and `!DatabaseCleaner.url_whitelist`.
Maybe you can make it a little more straightforward like this:

```ruby
def run
  return if skip?
  raise Error::NotWhitelistedUrl if database_url_not_whitelisted?
end
```
@etagwerker change made, thanks a lot!
@benclewis Great, thanks! 💯
@etagwerker Could we cut a new version for this? 🙏
The library is now split into multiple gems, depending on the ORM / database you use. Changes since 1.7.0:

```
== 2.0.1 2021-02-04
== Bugfixes
* Regression: allow_remote_database_url and url_allowlist not working anymore: DatabaseCleaner/database_cleaner#671

== 2.0.0 2021-01-31
=== Changes
* Rename `url_whitelist` to `url_allowlist`
* Allowlist now supports regular expressions
* Fixed Ruby 2.7 deprecation warnings
=== Breaking changes
* Failed checks against the allowlist now raise `UrlNotAllowed` rather than `NotWhitelistedUrl`

== 2.0.0.beta2 2020-05-30
=== Features
* New API for ORM Adapter gems: DatabaseCleaner/database_cleaner#644
=== Breaking changes
* Rename :connection configuration option to :db for consistency: DatabaseCleaner/database_cleaner#650
* Remove all #orm= setter methods: https://github.com/DatabaseCleaner/database_cleaner/pull/643/files
* drop support for Ruby 2.4 which is EOL as of 2020-03-31: DatabaseCleaner/database_cleaner#635

== 2.0.0.beta 2020-04-05
=== Breaking changes
* Replace old shared RSpec examples with new "database_cleaner adapter" example: DatabaseCleaner/database_cleaner#629
* split gem into database_cleaner-core and database_cleaner metagem.
* Support Ruby versions 2.4, 2.5, 2.6, and 2.7, and drop support for older Rubies.
* remove all deprecated code and get the specs passing again.
* Split off all adapter gems into their own repos: DatabaseCleaner/database_cleaner#620

== 1.99.0 2021-01-31
== Changes
* Remove unnecessary dependency on database_cleaner-mongo from database_cleaner-mongoid: @botandrose
* Enable the :cache_tables option for the mongo truncation strategy, and default to true: DatabaseCleaner/database_cleaner#646
* Introduce deletion aliases for truncation strategies for mongo, mongoid, and redis adapters. DatabaseCleaner/database_cleaner#654
* Add new :db orm configuration key, for consistency with #db and #db=. DatabaseCleaner/database_cleaner#649
== Deprecations
* Deprecate all #orm= setter methods: DatabaseCleaner/database_cleaner#643
* Deprecate non-functional :reset_ids option in ActiveRecord truncation strategy: DatabaseCleaner/database_cleaner#559
* Deprecate mongo truncation's `:cache_tables => true` option in favor of `false`, to prep for caching removal in v2.0: DatabaseCleaner/database_cleaner#646
* Deprecate redis truncation's #url method in favor of #db: @botandrose
* Deprecate mongo, mongoid, and redis truncation strategies in favor of deletion. DatabaseCleaner/database_cleaner#654
* Deprecate :connection and :model configuration options in favor of :db for consistency: DatabaseCleaner/database_cleaner#650
== Bugfixes
* Fix deprecation warning about `DatabaseCleaner.connections` to recommend a better alternative: DatabaseCleaner/database_cleaner#656

== 1.8.5 2020-05-04
=== Bug Fixes
* Fix :mongo strategy: DatabaseCleaner/database_cleaner#645

== 1.8.4 2020-04-02
=== Bug Fixes
* Fix false positive deprecation warnings on Windows: DatabaseCleaner/database_cleaner#633

== 1.8.3 2020-02-18
=== Bug Fixes
* Fix performance issue of DatabaseCleaner::Base#orm_module: DatabaseCleaner/database_cleaner#625

== 1.8.2 2020-02-01
=== Bug Fixes
* Fix database_cleaner-ohm autodetected adapter loading: DatabaseCleaner/database_cleaner#619
* Fix database_cleaner-mongo_mapper autodetected adapter loading: @botandrose
* Fix database_cleaner-mongoid autodetected adapter loading: DatabaseCleaner/database_cleaner#617
* Exclude ar_internal_metadata from truncation on Rails 5: DatabaseCleaner/database_cleaner#588
=== Changes
* Deprecate ohm adapter: DatabaseCleaner/database_cleaner#619

== 1.8.1 2020-01-30
=== Bug Fixes
* Remove undeclared active_support dependency: DatabaseCleaner/database_cleaner#612

== 1.8.0 2020-01-29
=== Bug Fixes
* Fix MySQL deprecation warnings with Rails 5: DatabaseCleaner/database_cleaner#574
* Fix MySQL truncation with `pre_count: true`: DatabaseCleaner/database_cleaner#498
* Fix primary key sequence resetting in Sequel with Postgres and SQLite: https://github.com/DatabaseCleaner/database_cleaner/pull/538/files
* ActiveRecord truncation adapter doesn't work with Oracle: DatabaseCleaner/database_cleaner#542
=== Changes
* Extract ORM adapters into gems: DatabaseCleaner/database_cleaner#560
* Allow postgres:///dbname as a local url: DatabaseCleaner/database_cleaner#569
* Add an optional URL whitelist safeguard: DatabaseCleaner/database_cleaner#526
* Add `local` tld to safeguard check: DatabaseCleaner/database_cleaner#547
* Speed up ActiveRecord deletion strategy: DatabaseCleaner/database_cleaner#534
* Consider `sqlite:` database urls to be local: DatabaseCleaner/database_cleaner#529
```
Hi, love the new safeguards; running DatabaseCleaner has always made me a little nervous.
We run our tests in Docker containers, so we've had to disable the remote URL check in our pipeline. I added an option to set a whitelist of URLs instead.
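As an added illustration (not code from the database_cleaner gem or from this PR), here is a safeguard in the early-return shape the reviewer asked for, with the allowlist accepting regular expressions as well as plain strings, as the 2.0 changelog above describes. The class and method names and the local-URL rules are assumptions made for this example.

```ruby
require "uri"

# Constructed illustration of an optional URL allowlist safeguard for a test
# database cleaner; not the database_cleaner gem's own code. Class, method
# names and the local-URL rules are assumptions for this example.
class UrlNotAllowed < StandardError; end

class UrlSafeguard
  LOCAL_HOSTS = %w[localhost 127.0.0.1 ::1].freeze

  # allowlist: nil (no allowlist configured) or an Array of Strings / Regexps.
  # allow_remote: the opt-out that disables the remote URL check entirely.
  def initialize(url, allowlist: nil, allow_remote: false)
    @url = url
    @allowlist = allowlist
    @allow_remote = allow_remote
  end

  # Early return first, then a single positive predicate (the shape suggested
  # in review). Returns nil when skipped, true when the URL passes.
  def run
    return if skip?
    raise UrlNotAllowed, "#{@url} is remote and not on the allowlist" if database_url_not_allowed?
    true
  end

  private
  def skip?
    @allow_remote || @url.to_s.empty?
  end

  # A remote URL is rejected unless some allowlist entry matches it.
  def database_url_not_allowed?
    return false if local?
    return true if @allowlist.nil?
    @allowlist.none? { |entry| entry.is_a?(Regexp) ? entry.match?(@url) : entry == @url }
  end

  # sqlite URLs, host-less URLs (postgres:///dbname), loopback and .local
  # hosts count as local; anything unparseable is treated as remote.
  def local?
    uri = URI.parse(@url)
    return true if uri.scheme.to_s.start_with?("sqlite")
    host = uri.hostname.to_s
    host.empty? || LOCAL_HOSTS.include?(host) || host.end_with?(".local")
  rescue URI::InvalidURIError
    false
  end
end
```

In a Docker-based pipeline the service hostname (for example `db`) is not loopback, so an allowlist entry for it replaces disabling the check altogether.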