Three issues were causing CI failures:

**Brakeman (scan_ruby):**

- Sanitize `entry.url` in `link_to` href in scraping_health view to reject non-http(s) URLs, fixing a Weak XSS warning (LinkToHref check)

**Test failures:**

- StatcanDatasetsController#show used find_by(:name) but the URL helper generated paths using the integer primary key; added `to_param` to StatcanDataset to use `name` as the URL param, and added a proper 404 response when the dataset is not found
- CommitmentRelevanceFilterJob test used `:abandoned` status, which was removed from the Commitment enum; updated to use `:broken` (the current terminal status that the job filters out)
- StatcanDataset#needs_sync? and related tests used Time.parse, which produces local-timezone times, but Fugit evaluates cron schedules in UTC (Rails default); tests now use Time.utc to be timezone-independent, fixing failures on non-UTC machines
## Summary

CI has been failing on every push to `main` since March 24. This PR fixes all three root causes across the `scan_ruby` and `test` jobs.

### Brakeman (scan_ruby job)

`entry.url` was used directly as a `link_to` href, which Brakeman flags as a potential `javascript:` URL injection. Fixed by validating the URL starts with `http(s)://` before using it as the href, falling back to `"#"`.

### Test failures (test job)

- **`StatcanDatasetsController`** (2 failures) — The controller looked up datasets by `name` (`find_by(name: params[:id])`), but the Rails URL helper generates paths using the integer primary key by default. Added `to_param` to `StatcanDataset` to use `name` as the URL segment (consistent with the controller's lookup strategy). Also added a proper `404` response when the dataset is not found — previously it rendered `null` with a 200.
- **`CommitmentRelevanceFilterJob` test** — Test created a `Commitment` with `status: :abandoned`, but that status was removed from the enum (current terminal status is `:broken`). Updated the test to use `:broken`, which is what the job actually filters out.
- **`StatcanDataset#needs_sync?` / `StatcanCronJob` tests (timezone bug)** — Tests used `Time.parse("...")`, which produces local-timezone `Time` objects, but `Fugit::Cron#previous_time` evaluates schedules in UTC (Rails' default timezone). This caused the tests to pass in CI (UTC servers) but fail locally in non-UTC timezones. Fixed by using `Time.utc(...)` in the affected tests, making them timezone-independent.

### Test plan

```
bin/rails db:test:prepare test
bin/brakeman --no-pager
bin/rubocop -f github
```
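The Brakeman fix above only says that the href is accepted when it starts with `http(s)://` and otherwise falls back to `"#"`. The following is an added, stand-alone example of that check written with Ruby's standard `URI` library rather than a string prefix test; it is not the PR's own code, and the helper name `safe_href` and the sample URLs are assumptions made here. Parsing the value has two advantages over a prefix match: a scheme in any letter case or with a malformed authority is still rejected, and anything `URI.parse` refuses outright is rejected too, so every non-http(s) input ends up at the same fallback the PR describes.

```ruby
require "uri"

# Added example (not from the PR): returns the given URL only when it is an
# absolute http:// or https:// URL with a host; anything else, including
# javascript:, data:, mailto:, protocol-relative and relative paths, and
# values URI cannot parse, falls back to "#" as the PR's fix does.
FALLBACK_HREF = "#"

def safe_href(url)
  return FALLBACK_HREF if url.nil?

  str = url.to_s.strip
  uri = URI.parse(str)

  # URI::HTTPS is a subclass of URI::HTTP, so this covers both schemes and
  # also handles scheme case (URI normalises it when choosing the class).
  return FALLBACK_HREF unless uri.is_a?(URI::HTTP)

  # "http://" alone parses but has no host; treat it as unusable.
  return FALLBACK_HREF if uri.host.nil? || uri.host.empty?

  str
rescue URI::InvalidURIError
  # Values with spaces, control characters or other illegal bytes land here.
  FALLBACK_HREF
end

# Constructed sample of what a scraped `entry.url` column might hold.
SAMPLE_ENTRY_URLS = [
  "https://www150.statcan.gc.ca/n1/en/type/data",
  "http://example.test/path?q=1",
  "javascript:alert(document.cookie)",
  "JAVASCRIPT:alert(1)",
  "data:text/html,<b>x</b>",
  "//example.test/protocol-relative",
  "/relative/path",
  "http://",
  nil,
].freeze

# Maps each sample value to the href that would actually be emitted.
def sanitized_sample
  SAMPLE_ENTRY_URLS.map { |u| [u, safe_href(u)] }
end

if $PROGRAM_NAME == __FILE__
  sanitized_sample.each { |original, href| puts "#{original.inspect} -> #{href}" }
end
```

In a Rails view the same check replaces the raw attribute in the link helper, for example `link_to entry.url, safe_href(entry.url)`, which is the shape of fix Brakeman's LinkToHref check is looking for.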