Conversation
…fety This commit introduces several new gems: `rack-attack` for rate limiting and blocking abusive requests, `brakeman` for static analysis security vulnerability scanning, `bundler-audit` for checking for insecure gem versions, and `safety_net` for additional security measures. These additions aim to improve the overall security posture of the application and ensure better dependency management.
This commit introduces a new Dependabot configuration file to automate dependency updates for the application. The configuration specifies a weekly update schedule for Bundler dependencies, limits open pull requests, and includes settings for reviewers, assignees, and labels. This enhancement aims to improve dependency management and security by ensuring timely updates.
This commit introduces a new GitHub Actions workflow that automates security audits and test execution. The workflow is triggered on pushes and pull requests to the main and staging branches, as well as on a weekly schedule. It sets up a MySQL service, installs dependencies, creates the test database, and runs security checks using Brakeman and bundle audit, followed by executing RSpec tests. This enhancement aims to improve the application's security posture and ensure reliable test coverage.
This commit introduces a new `SecurityProtection` concern that implements security checks for incoming requests. It validates UTF-8 encoding and detects potential PHP attack patterns, logging warnings and capturing messages with Sentry for any violations. The concern also provides custom error responses for 404 and 403 statuses, enhancing the application's security posture and error handling capabilities.
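The two checks that commit describes, UTF-8 validation of the incoming parameters and detection of PHP probe traffic, as an added stand-alone example (not the project's own concern). The functions take the request path and the parameters as a plain Hash so they run outside Rails; the PHP probe patterns, the symbol names and the `SecurityChecks` module name are assumptions for illustration.

```ruby
# Added example, not the project's SecurityProtection concern: the two
# request checks the commit describes, written as plain functions so they
# run outside Rails. The PHP probe patterns are assumptions chosen for
# illustration; a real list would be tuned to what the app's logs show.
module SecurityChecks
  module_function

  # Requests that only make sense against a PHP stack. A Rails app seeing
  # these is being scanned, so a warning plus a 404 is the right answer.
  PHP_PROBE_PATTERNS = [
    /\.php\d?(\z|[?\/])/i,           # /index.php, /c99.php7, /x.php?cmd=
    /\bphpinfo\b/i,
    /\bwp-(admin|login|content)\b/i, # WordPress paths
    /\bphpmyadmin\b/i,
    /<\?php/i                        # PHP source pasted into a parameter
  ].freeze

  # True only if every string in a nested Hash/Array/String structure is
  # valid UTF-8. Invalid bytes left unchecked surface later as an
  # ArgumentError ("invalid byte sequence") deep inside a model or view.
  def valid_utf8?(value)
    case value
    when String then value.dup.force_encoding(Encoding::UTF_8).valid_encoding?
    when Hash   then value.all? { |k, v| valid_utf8?(k.to_s) && valid_utf8?(v) }
    when Array  then value.all? { |v| valid_utf8?(v) }
    else true
    end
  end

  # Every attacker-controlled string in the params: keys as well as leaves.
  def strings_in(value, acc = [])
    case value
    when String then acc << value
    when Hash   then value.each { |k, v| acc << k.to_s; strings_in(v, acc) }
    when Array  then value.each { |v| strings_in(v, acc) }
    end
    acc
  end

  # Only call this on input that passed valid_utf8?; matching a regexp
  # against a string with invalid bytes raises.
  def php_probe?(path, params)
    [path, *strings_in(params)].any? do |s|
      PHP_PROBE_PATTERNS.any? { |re| re.match?(s) }
    end
  end

  # :ok, :invalid_encoding or :php_probe. In the concern, a before_action
  # would pass request.path and the parameters as a plain Hash, log a
  # warning (and Sentry.capture_message) for anything but :ok, and render
  # the custom 400/404 response instead of letting the action run.
  def classify(path, params)
    return :invalid_encoding unless valid_utf8?(path) && valid_utf8?(params)
    return :php_probe if php_probe?(path, params)
    :ok
  end
end
```

Keys are checked as well as values because a scanner can put its payload in either; the encoding check runs first so the regexp matching never sees an invalid string.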
This commit introduces a new initializer for Rack::Attack, implementing rate limiting and request blocking to protect against abusive behavior. It includes throttling for login attempts by IP and email, as well as blocklisting for suspicious requests and known malicious IP addresses. Custom responses for throttled and blocked requests are also defined, improving the application's security posture and user experience.
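The throttling and blocklisting that initializer sets up, as an added example that is not the project's code: an in-memory model of the fixed-window counter Rack::Attack's `throttle` uses, keyed the two ways the commit names (login attempts per IP and per normalized email), with a blocklist evaluated first. The limits, window length, blocked address, the "suspicious request" rule and the `LoginThrottle` and `Request` names are assumptions; the equivalent Rack::Attack declarations are shown in the leading comment.

```ruby
require "set"

# Added example, not the project's initializer. It reproduces what these
# (assumed) declarations in config/initializers/rack_attack.rb would do:
#
#   Rack::Attack.blocklist_ip("203.0.113.7")
#   Rack::Attack.blocklist("php probes") { |req| req.path.end_with?(".php") }
#   Rack::Attack.throttle("logins/ip", limit: 5, period: 60) do |req|
#     req.ip if req.post? && req.path == "/login"
#   end
#   Rack::Attack.throttle("logins/email", limit: 5, period: 60) do |req|
#     req.params["email"].to_s.downcase.strip if req.post? && req.path == "/login"
#   end
#   Rack::Attack.throttled_responder = ->(req) { [429, { "Content-Type" => "text/plain" }, ["Retry later\n"]] }
#
# Rack::Attack stores the counters in Rails.cache; a Hash stands in here.
Request = Struct.new(:ip, :path, :verb, :params, keyword_init: true)

class LoginThrottle
  LIMIT  = 5   # attempts allowed per window (assumed)
  PERIOD = 60  # window length in seconds (assumed)
  BLOCKED_IPS = Set["203.0.113.7"].freeze  # TEST-NET address, assumed

  def initialize(clock: -> { Time.now.to_i })
    @clock = clock
    @counters = Hash.new(0)
  end

  # Returns [status, reason]. Order matches Rack::Attack: blocklists run
  # before throttles, so a blocked client never consumes a counter, and
  # the first throttle that trips stops evaluation of the later ones.
  def call(req)
    return [403, :blocked_ip] if BLOCKED_IPS.include?(req.ip)
    return [403, :suspicious] if req.path.end_with?(".php")
    return [200, :ok] unless login_attempt?(req)
    return [429, :throttled_ip] if throttled?("logins/ip", req.ip)
    email = normalize_email(req.params["email"])
    return [429, :throttled_email] if email && throttled?("logins/email", email)
    [200, :ok]
  end

  private

  def login_attempt?(req)
    req.verb == "POST" && req.path == "/login"
  end

  # Lower-case and strip so " Admin@Example.com" and "admin@example.com"
  # share one counter. The per-email counter is what stops a distributed
  # attacker who sprays a single account from many addresses.
  def normalize_email(value)
    s = value.to_s.downcase.strip
    s.empty? ? nil : s
  end

  # Fixed window: the key embeds the window number, so the count resets
  # when the window rolls over instead of sliding. The request that pushes
  # the count past LIMIT is the first one rejected.
  def throttled?(name, discriminator)
    key = "#{name}:#{@clock.call / PERIOD}:#{discriminator}"
    @counters[key] += 1
    @counters[key] > LIMIT
  end
end
```

A fixed window lets a client spend up to 2 x LIMIT attempts across a window boundary; that is Rack::Attack's actual behaviour too, and the usual answer is a lower limit or a longer period rather than a different algorithm.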
…nhanced security This commit includes the `SecurityProtection` concern in the `ApplicationController`, ensuring that security checks for incoming requests are applied across all controllers. This integration aims to bolster the application's security measures by validating requests and logging potential violations, further enhancing the overall security posture.
This commit introduces a new `security.rake` file containing two Rake tasks: `security:audit` for running security checks on dependencies using `bundle audit`, `bundle outdated`, and `brakeman`, and `security:update` for updating dependencies with security patches followed by a security audit. These tasks aim to streamline the process of maintaining application security and ensuring up-to-date dependencies.
…setup This commit modifies the GitHub Actions workflow by updating the MySQL service to version 8.0 and adding necessary environment variables for the test environment. It also includes a step to install MySQL client dependencies and implements a wait mechanism for the MySQL service to ensure it is ready before running database setup and tests. These changes aim to improve the reliability and compatibility of the CI/CD pipeline.
This commit updates the `database.yml` file to enhance the management of database credentials by utilizing environment variables for username, password, and host settings. It also modifies the staging and production database names for consistency. These changes aim to improve security and flexibility in database configuration across different environments.
…figuration This commit modifies the `security.yml` file in the GitHub Actions workflow by removing specific database credentials and replacing them with a more generic `RACK_ENV` variable for the test environment. This change aims to enhance security by minimizing exposure of sensitive information and improving the overall configuration of the CI/CD pipeline.
…usage This commit updates the `database.yml` file to ensure consistent usage of environment variables for database credentials across all environments, including development, test, staging, and production. These changes aim to improve security and maintainability by reducing hardcoded values and promoting a more flexible configuration approach.
This commit updates the `database.yml` file to enhance the management of database credentials by standardizing the use of environment variables across all environments. It removes hardcoded values for development and test environments, updates the staging configuration to use a URL, and modifies the production database name for consistency. These changes aim to improve security and maintainability in the application's database configuration.
This commit modifies the `database.yml` file to standardize the usage of environment variables for the database password in the development environment. By using a default empty string when the environment variable is not set, this change enhances security and maintains consistency across the application's database configuration.
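The `database.yml` shape the commits above converge on (environment variables for username, password and host, an empty-string default for the development password, a single URL for staging), rendered the way Rails renders the file so the precedence rules can be checked outside the app. This is an added example, not the project's file; the variable names, defaults and database names are assumptions.

```ruby
require "erb"
require "yaml"

# Added example, not the project's config/database.yml. Variable names,
# defaults and database names are assumptions chosen for illustration.
DATABASE_YML = <<~'YAML'
  default: &default
    adapter: mysql2
    encoding: utf8mb4
    username: <%= ENV.fetch("DB_USERNAME", "root") %>
    password: <%= ENV.fetch("DB_PASSWORD", "") %>
    host: <%= ENV.fetch("DB_HOST", "127.0.0.1") %>

  development:
    <<: *default
    database: app_development

  test:
    <<: *default
    database: app_test

  staging:
    url: <%= ENV.fetch("DATABASE_URL") { "mysql2://localhost/app_staging" } %>

  production:
    <<: *default
    database: app_production
YAML

# Rails evaluates the file as ERB first and parses the result as YAML;
# doing the same here shows exactly what the adapter will receive.
def render_database_config(rails_env)
  rendered = ERB.new(DATABASE_YML).result(binding)
  YAML.safe_load(rendered, aliases: true).fetch(rails_env)
end

# Edge case the empty default hides: "" survives ERB, but YAML parses the
# resulting empty scalar as nil. The mysql2 adapter treats nil as "no
# password", so the effect is the same; code that compares against "" is not.
def effective_password(rails_env)
  render_database_config(rails_env)["password"].to_s
end

# Review check: every password/url line must be an ERB expression, never a
# literal, so credentials cannot slip back into the repository.
def literal_credentials(yaml_source)
  yaml_source.each_line.filter_map do |line|
    key, value = line.strip.split(":", 2)
    next unless %w[password url].include?(key) && value
    value = value.strip
    line.strip unless value.empty? || value.start_with?("<%=")
  end
end
```

Running `literal_credentials` against the rendered output instead of the template is the wrong check: after ERB the real password is present as a literal by design, so the scan belongs on the source file in CI.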
This commit updates multiple controllers to replace direct ActiveRecord queries with policy scopes for better authorization handling. The changes ensure that only accessible records are fetched based on the current user's permissions, enhancing security and maintaining consistent access control across the application.
This commit updates several views to replace direct rendering of model instances with partials, improving code organization and maintainability. Additionally, the controller has been modified to utilize policy scopes for fetching containers and departments, enhancing authorization handling and ensuring that only accessible records are displayed based on user permissions.
…-audit This commit modifies the security workflow in GitHub Actions to run the bundle-audit command with bundle exec, ensuring that the correct gem environment is used. This change enhances the reliability of the security checks performed during the CI process.
This commit simplifies the RSpec configuration by condensing the conditional assignment of the default formatter into a single line. This change enhances readability while maintaining the same functionality, ensuring a more idiomatic Ruby style in the test setup.
This commit modifies the user role policy spec to create a user role instance directly, ensuring that the test setup is more explicit and aligned with the intended user-role relationship. This change enhances the clarity and reliability of the tests by avoiding reliance on existing records.
This commit updates the SecurityProtection concern to replace instances of `request.params.to_unsafe_h` with `request.params.to_h`. This change enhances security by ensuring that parameters are handled safely while maintaining the same functionality. Additionally, it improves the clarity of the code by using a more appropriate method for parameter access.
This commit modifies the routes configuration to ensure that the root path ('/') is excluded from being caught by the error handling route. This change enhances the routing logic by preventing unnecessary error handling for the root path, improving the overall user experience.
…rity This commit updates the handle_exceptions method in the ApplicationController to enhance the handling of Pundit::NotAuthorizedError and ActiveRecord::RecordNotFound exceptions. The error message for unauthorized actions is made more user-friendly, and the redirect logic is simplified to consistently redirect to the root path for authorization errors, improving the overall user experience.
This commit updates the export_entries method to include explicit authorization for contest instances, ensuring that only authorized users can export entries. Additionally, the set_container method is modified to use find_by for safer container retrieval, with added error handling to redirect unauthorized access attempts to the root path, improving user experience and security.
This commit modifies the error message for Pundit::NotAuthorizedError in the ApplicationController, changing it to a more distinct notification. This enhancement aims to improve the clarity of authorization feedback provided to users, ensuring they are aware of the authorization issue encountered.
This commit reorganizes the authorization logic in the ContestInstancesController by moving the authorize_container_access method to a before_action callback. The set_container method is updated to raise a Pundit::NotAuthorizedError for unauthorized access, improving clarity and security. Additionally, the set_contest_instance method is repositioned for better structure, ensuring consistent handling of contest instances.
This commit updates the set_entry method to differentiate authorization logic based on the action name, allowing direct access for the 'applicant_profile' action while maintaining policy scope for others. Additionally, it introduces error handling for ActiveRecord::RecordNotFound, providing user-friendly flash messages and redirecting unauthorized access attempts to the root path, thereby improving security and user experience.
This commit enhances the authorization logic in the EntryPolicy by restructuring the conditions for user access. It introduces a base scope with necessary joins and separates the conditions for own entries and container entries, combining them with an OR clause. This refactor improves code readability and maintains the integrity of authorization checks for users.
This commit updates the judge management system tests to improve clarity and consistency in the test setup. Changes include using a specific user role for the admin user, enhancing the comments for better understanding, and standardizing the button selectors for the pool of judges tab. These adjustments aim to streamline the test flow and ensure that the tests accurately reflect the intended user interactions.
…ing output This commit updates the system test configuration by increasing the default maximum wait time for Capybara to 10 seconds. Additionally, it adds debugging output to display the page HTML and current URL when a system test fails, improving the ability to diagnose issues during test execution.
No description provided.