Security loofah (#86)

* loofah security issue

* adding chromedriver_version variable

* linting

.env.template

@@ -1 +1,2 @@
 MM_GOOGLE_API_KEY=MM_GOOGLE_API_KEY
+CHROMEDRIVER_VERSION=CHROMEDRIVER_VERSION

Gemfile

@@ -40,6 +40,7 @@ gem 'font-awesome-rails'
 gem 'foundation-rails'
 gem 'google-maps'
 gem 'jquery-rails'
+gem 'loofah', '>= 2.3.1'
 gem 'recaptcha'
 gem 'sprockets-es6'
 

Gemfile.lock

@@ -78,7 +78,7 @@ GEM
     concurrent-ruby (1.1.5)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
-    crass (1.0.4)
+    crass (1.0.5)
     devise (4.7.1)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
@@ -124,7 +124,7 @@ GEM
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
       ruby_dep (~> 1.2)
-    loofah (2.2.3)
+    loofah (2.3.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
@@ -143,7 +143,7 @@ GEM
       metaclass (~> 0.0.1)
     msgpack (1.3.1)
     nio4r (2.5.1)
-    nokogiri (1.10.4)
+    nokogiri (1.10.5)
       mini_portile2 (~> 2.4.0)
     orm_adapter (0.5.0)
     parallel (1.17.0)
@@ -287,6 +287,7 @@ DEPENDENCIES
   jbuilder (~> 2.5)
   jquery-rails
   listen (>= 3.0.5, < 3.2)
+  loofah (>= 2.3.1)
   mini_racer
   mocha
   pg

app/controllers/registrations_controller.rb

@@ -8,11 +8,11 @@ class RegistrationsController < Devise::RegistrationsController
   private
 
   def check_captcha
-    unless verify_recaptcha
-      self.resource = resource_class.new sign_up_params
-      resource.validate # Look for any other validation errors besides Recaptcha
-      set_minimum_password_length
-      respond_with resource
-    end
+    return if verify_recaptcha
+
+    self.resource = resource_class.new sign_up_params
+    resource.validate # Look for any other validation errors besides Recaptcha
+    set_minimum_password_length
+    respond_with resource
   end
 end

app/services/processor/saint_paul.rb

@@ -15,7 +15,7 @@ def process
       get_meeting_rows.each do |m|
         md = Processor::SaintPaul.extract_meeting_data(m)
         meeting = Processor::SaintPaul.send(:persist_meeting, md)
-        return unless meeting
+        next unless meeting
 
         puts "Processing #{meeting.name}: #{meeting.date}"
         r = Processor::SaintPaul.get_meeting_detail_rows meeting[:details]

test/system/users_test.rb

@@ -53,9 +53,9 @@ class UsersTest < ApplicationSystemTestCase
 
   private
 
-  def require_recaptcha(y = true)
+  def require_recaptcha(req = true)
     r = Recaptcha.configuration.skip_verify_env
-    return r.delete('test') if y
+    return r.delete('test') if req
 
     r.push('test') unless r.include?('test')
   end