This repository was archived by the owner on Jan 27, 2023. It is now read-only.

Raise error in RSpec matcher when assessment is outdated #81

Merged: CDThomas merged 1 commit into main from error-on-stale-assess-schema on Sep 21, 2022
@CDThomas CDThomas commented Sep 20, 2022

This PR updates the encrypt_sensitive_fields RSpec matcher to raise an error (and fail the test) when the assessment file is outdated.

This works by:

  1. Recording all fields currently on each model when the report is generated
  2. Checking that the current fields on the model being tested match the fields recorded in the assessment file

Here's an example of the error message for an outdated assessment file:
[Screenshot: error message for an outdated assessment file]

And here's an example of the new format for the assessment file to support this:

```yaml
---
User:
- :field: id
  :sensitive: false
- :field: name
  :sensitive: true
  :comment: 'suspected to contain: names'
- :field: email
  :sensitive: true
  :comment: 'suspected to contain: emails'
- :field: password_digest
  :sensitive: false
- :field: gender
  :sensitive: true
  :comment: 'suspected to contain: genders'
- :field: title
  :sensitive: false
- :field: ccn
  :sensitive: true
  :comment: 'suspected to contain: credit card numbers'
- :field: dob
  :sensitive: true
  :comment: 'suspected to contain: dates of birth'
- :field: created_at
  :sensitive: false
- :field: updated_at
  :sensitive: false
- :field: stash_id
  :sensitive: false
```

To help prevent outdated assessment files, this change also adds logic for running active_stash:assess after db:migrate runs.
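
A sketch of the two steps described above, as an added example that is not ActiveStash's own code: it loads a report in the format shown and raises when a model's current fields differ from the recorded ones. `StaleAssessmentError`, `load_report` and `sensitive_fields!` are hypothetical names, and the current field list is passed in as an array where a Rails app would supply something like `User.column_names`.

```ruby
require "yaml"
require "set"

# Constructed sample in the report format shown above (not the project's file).
SAMPLE_REPORT = <<~YAML
  ---
  User:
  - :field: id
    :sensitive: false
  - :field: email
    :sensitive: true
    :comment: 'suspected to contain: emails'
  - :field: ccn
    :sensitive: true
    :comment: 'suspected to contain: credit card numbers'
YAML

# Hypothetical error class for this example.
class StaleAssessmentError < StandardError; end

# The report keys are Ruby symbols (":field:"), so safe_load must permit Symbol.
def load_report(yaml)
  YAML.safe_load(yaml, permitted_classes: [Symbol])
end

# Step 2 of the description: compare recorded fields with the model's current
# fields. Returns the sensitive field names when the report is current and
# raises when a column was added or removed since the report was generated.
def sensitive_fields!(report, model_name, current_fields)
  entries = report.fetch(model_name) do
    raise StaleAssessmentError, "#{model_name} is not in the assessment"
  end
  recorded = entries.map { |e| e[:field] }.to_set
  current  = current_fields.map(&:to_s).to_set
  unless recorded == current
    added   = (current - recorded).to_a.sort
    removed = (recorded - current).to_a.sort
    raise StaleAssessmentError,
          "assessment for #{model_name} is outdated " \
          "(new: #{added.inspect}, removed: #{removed.inspect})"
  end
  entries.select { |e| e[:sensitive] }.map { |e| e[:field] }
end
```

The point of failing on any difference is that a column added by a migration cannot skip assessment: the test breaks until the report covers it.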

@CDThomas CDThomas force-pushed the error-on-stale-assess-schema branch 2 times, most recently from b792f6f to e3aa16b Compare September 20, 2022 07:26
* Record all DB fields in YAML report

* Mark fields as sensitive or not in report

* Fail encrypt_sensitive_fields matcher if report is out of date

* Run active_stash:assess task after db:migrate runs

* Add quiet arg to active_stash:assess
@CDThomas CDThomas force-pushed the error-on-stale-assess-schema branch from e3aa16b to 473bb62 Compare September 20, 2022 07:30
@CDThomas CDThomas changed the title Error on stale assess schema Raise error in RSpec matcher when assessment is outdated Sep 20, 2022

Rake::Task["db:migrate"].enhance do
if ActiveStash::Assess.report_exists?
Rake::Task["active_stash:assess"].execute({quiet: true})
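
Review bot: The `.execute({quiet: true})` call on the `active_stash:assess` line runs only that task's own actions and skips any prerequisites it declares, so if the task depends on anything (environment loading, for example) `invoke` is the safer call; otherwise a short comment saying why `execute` is intended would help the next reader. The `enhance` block is also attached to every `db:migrate`, including deploy-time runs, and the lines shown have no rescue, so an exception from the assess step would make the migrate command exit with an error after the migrations have already run; consider rescuing and warning, or limiting the hook to development and test.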

Contributor Author

We only want to run active_stash:assess after db:migrate if the assessment file already exists. The intent here is to make life easy for users that have already generated the report, but to not create the file if the user isn't using Assess.

We also suppress output to stdout to avoid extra noise during migrations.

Contributor

This is a smart way of handling this.

Nice work @CDThomas.

@CDThomas CDThomas marked this pull request as ready for review September 20, 2022 23:08
@CDThomas CDThomas requested a review from a team as a code owner September 20, 2022 23:08
@CDThomas CDThomas requested a review from auxesis September 20, 2022 23:08

@auxesis auxesis left a comment

LGTM, love your work @CDThomas.

@CDThomas CDThomas merged commit abe34c9 into main Sep 21, 2022
@CDThomas CDThomas deleted the error-on-stale-assess-schema branch September 21, 2022 02:06
freshtonic pushed a commit that referenced this pull request Dec 21, 2022
Raise error in RSpec matcher when assessment is outdated