Add database backup route #417
Conversation
Warnings seen in CI
Limit file access to the temporary directory we create. Hopefully addresses the code scanning alert about https://brakemanscanner.org/docs/warning_types/file_access/ Suggested by @jage at #417 (comment)
Looked at ignoring the warning from Brakeman now that we have adequately addressed it. Not pleased with what I found 😞
Looks like the ignore is kinda specific, adding

```ruby
get '/foo/:foo' do
  send_file params["foo"]
end
```

to another file, and also the same file, generates a new warning (not ignored). Adding some lines of code to the
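The commit above describes the fix in prose only (file access limited to a temporary directory the route creates), and the `send_file params["foo"]` snippet shows the unconstrained form Brakeman objects to. The following is an added example, not code from the wikimum project or from anyone in this thread: a small, Sinatra-independent helper that resolves a requested name against a base directory and refuses anything that escapes it, plus a `Dir.mktmpdir` wrapper that writes a constructed dump and cleans up. The helper names, the `backup-` prefix and the sample dump contents are assumptions of this example.

```ruby
require "tmpdir"

# Added example (not wikimum's code). Resolve a requested file name against a
# base directory the application created itself, and reject anything that would
# escape it. Brakeman's "File Access" check flags send_file(params[...]) because
# nothing constrains where the path points; this helper is that constraint.
# Only files strictly beneath the base are accepted (the base itself is not).
def constrained_path(base_dir, requested)
  base = File.expand_path(base_dir)
  # Expand relative to base so "..", "./" and absolute inputs are normalised
  # rather than string-concatenated onto the directory.
  candidate = File.expand_path(requested, base)
  # The trailing separator matters: "/srv/backups2/x" starts with "/srv/backups"
  # but not with "/srv/backups/".
  unless candidate.start_with?(base + File::SEPARATOR)
    raise ArgumentError, "path escapes #{base}: #{requested.inspect}"
  end
  candidate
end

# True if constrained_path would reject the request (useful in tests and logs).
def escapes_base?(base_dir, requested)
  constrained_path(base_dir, requested)
  false
rescue ArgumentError
  true
end

# Constructed sample dump; not real data from any database.
SAMPLE_DUMP = "-- constructed sample dump\nCREATE TABLE pages (id INTEGER);\n"

# Write the sample dump into a fresh temporary directory and hand its path to
# the caller, the way a backup route would hand it to send_file. The block form
# of Dir.mktmpdir removes the directory and everything in it when the block
# finishes, including when the block raises, so no dump lingers on disk.
def with_backup_dump
  Dir.mktmpdir("backup-") do |dir|
    dump = constrained_path(dir, "dump.sql")
    File.write(dump, SAMPLE_DUMP)
    yield dump
  end
end

if __FILE__ == $PROGRAM_NAME
  with_backup_dump { |path| puts "dump ready at #{path} (#{File.size(path)} bytes)" }
  puts escapes_base?("/srv/backups", "../../etc/passwd") # traversal is rejected
end
```

In a route, `send_file` would be called inside the `with_backup_dump` block with the path it yields; because the only name ever passed to `constrained_path` there is a literal, user input never reaches the file system, which is the property the scanner is looking for.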
Looks like it didn't work :/ https://github.com/Starkast/wikimum/security/code-scanning?query=is%3Aopen+pr%3A417 still reports 1 open alert: https://github.com/Starkast/wikimum/security/code-scanning/3
Another disappointment, GitHub doesn't support suppressions in the uploaded SARIF 😞 github/codeql-action#1230 (comment)
I dismissed the alert now, it had me give a reason (gave it
Close #413

The SQL dump can be downloaded with

```shell
curl --verbose --silent --location --request POST --user user:pass --output test.sql http://localhost:8080/.backup
```
```
/home/runner/work/wikimum/wikimum/test/integration/app_backup_test.rb:43: warning: ambiguous first argument; put parentheses or a space even after `/' operator
/home/runner/work/wikimum/wikimum/test/integration/app_backup_test.rb:67: warning: ambiguous first argument; put parentheses or a space even after `/' operator
```
Now the temporary file will be automatically deleted when the Ruby interpreter exits. https://ruby-doc.org/stdlib-2.7.6/libdoc/tempfile/rdoc/Tempfile.html#new-method
The file access is limited to a temporary directory we create.
This string ends up in the "justification" attribute in the SARIF output, and apparently it is not valid SARIF if it isn't a string (it was null). From https://github.com/Starkast/wikimum/actions/runs/3465429770/jobs/5788144432#step:6:26

> Error: Unable to upload "output.sarif.json" as it is not valid SARIF: