Changed cookie serializer from :hybrid to :json as hybrid serializer has security issues; Fixed collaboration_controller dynamic resource path brakeman issue; #2101

Merged
merged 2 commits into from
Aug 12, 2021

RajeshPaul38
Contributor

Added one brakeman test in ignore list; fixed collaboration_controller dynamic resource path brakeman issue

Description

  • Added one brakeman test in ignore list.
  • Fixed collaboration_controller dynamic resource path brakeman issue

Issues Resolved

  • Brakeman failure fix

Check List

…r dynamic resource path brakeman issue

Signed-off-by: Rajesh Paul <rajesh.paul@progress.com>
@RajeshPaul38 changed the title from "Added one brakeman test in ignore list; fixed collaboration_controlle…" to "Fixed collaboration_controller dynamic resource path brakeman issue; Added one brakeman test in ignore list;" on Aug 9, 2021
…has security issues

Signed-off-by: Rajesh Paul <rajesh.paul@progress.com>
@RajeshPaul38 requested review from a team as code owners August 10, 2021 13:25
@RajeshPaul38 changed the title from "Fixed collaboration_controller dynamic resource path brakeman issue; Added one brakeman test in ignore list;" to "Changed cookie serializer from :hybrid to :json as hybrid serializer has security issues; Fixed collaboration_controller dynamic resource path brakeman issue;" on Aug 10, 2021
@tas50 requested a review from a team August 11, 2021 03:42
@RajeshPaul38 linked an issue Aug 11, 2021 that may be closed by this pull request
# has been upgraded to version:5 around 4 years back.
# Changing this now as the chances of preexisting cookies which are more than 4 years old is very less.
# In worst case the cookie will not be supported and the user will be asked to signin again.
# If that's an issue we will revert it back to :hybrid
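
Review bot: the last comment line, "If that's an issue we will revert it back to :hybrid", keeps open a rollback to the serializer that this PR's title says has security issues. :hybrid still reads Marshal-serialized cookies and only rewrites them as JSON after loading them, so a revert brings Marshal deserialization of cookie data back. Suggest dropping that line and leaving the preceding one as the documented outcome: an old cookie is not supported and the user signs in again.
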
Contributor

LGTM 👍

redirect_to(
resource
send(resource_path_str, resource)
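
Review bot: send(resource_path_str, resource) still dispatches on a method name held in a string, and send can reach private methods as well as public ones. Nothing in the visible lines bounds what resource_path_str can contain, so suggest building it from a fixed allowlist of resource types, or checking it against one before the call, and using public_send so only public route helpers are reachable.
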
Contributor

What is the need for the extra variable resource_path_str?

Contributor Author

Just for readability.

@RajeshPaul38 requested a review from a team August 12, 2021 08:24
@tas50 merged commit 14e94b3 into master Aug 12, 2021
@tas50 deleted the rajeshpaul38/brakeman-error-fixes branch August 12, 2021 17:01
Successfully merging this pull request may close these issues.

Evaluate brakeman identified security issues