diff --git a/.github/workflows/ci-app-rails.yml b/.github/workflows/ci-app-rails.yml
index 0ffdca6..8eba4b0 100644
--- a/.github/workflows/ci-app-rails.yml
+++ b/.github/workflows/ci-app-rails.yml
@@ -31,7 +31,7 @@ jobs:
 run: |
 touch ./app-rails/.env
 
- - run: make lint
+ - run: make lint-ci
 
 test:
 name: Test
diff --git a/app-rails/config/environments/development.rb b/app-rails/config/environments/development.rb
index 0df3ead..2368da8 100644
--- a/app-rails/config/environments/development.rb
+++ b/app-rails/config/environments/development.rb
@@ -67,7 +67,7 @@
 config.assets.quiet = true
 
 # Allow web_console to render when triggered from the rails app running locally in a docker container.
- config.web_console.permissions = ["192.168.0.0/16", "172.16.0.0/16", "10.0.0.0/8"]
+ config.web_console.permissions = [ "192.168.0.0/16", "172.16.0.0/16", "10.0.0.0/8" ]
 
 # Raises error for missing translations.
 # config.i18n.raise_on_missing_translations = true
diff --git a/app-rails/config/environments/production.rb b/app-rails/config/environments/production.rb
index 02416f7..82e96e2 100644
--- a/app-rails/config/environments/production.rb
+++ b/app-rails/config/environments/production.rb
@@ -57,7 +57,7 @@
 # Exclude healthcheck endpoint from force SSL since healthchecks should not go through
 # the reverse proxy.
 # See https://api.rubyonrails.org/classes/ActionDispatch/SSL.html
- config.ssl_options = { redirect: { exclude: -> request { /health/.match?(request.path) } } }
+ config.ssl_options = { redirect: { exclude: ->(request) { /health/.match?(request.path) } } }
 
 # Log to STDOUT by default
 config.logger = ActiveSupport::Logger.new(STDOUT)
diff --git a/docs/app-rails/application-security.md b/docs/app-rails/application-security.md
index 8c716bf..389f723 100644
--- a/docs/app-rails/application-security.md
+++ b/docs/app-rails/application-security.md
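Review bot: `172.16.0.0/16` on the new `config.web_console.permissions` line covers only 172.16.0.0–172.16.255.255, yet the comment directly above says the allow-list exists for the app running in a Docker container, and Docker's default bridge and compose networks are typically allocated from 172.17.0.0/16 upward, so those containers would still be refused by web_console. If the whole RFC 1918 block is intended, the line should read `config.web_console.permissions = [ "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8" ]`. web_console is an in-browser Ruby REPL, so this allow-list is only acceptable while the development server is never reachable from outside the host or container network; that caveat belongs in the comment, e.g. `# web_console is a remote Ruby REPL: never expose a development server on these ranges to untrusted hosts.` The enclosing configure block starts and ends outside the hunk.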
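Review bot: `/health/.match?(request.path)` on the new `config.ssl_options` line is unanchored, so any request whose path merely contains "health" (for example `/articles/mental-health`) is excluded from the HTTPS redirect and served over plain HTTP, not just the healthcheck endpoint, since ActionDispatch::SSL skips the redirect entirely for requests the `exclude` lambda accepts. The docs hunk in this same commit asks for `\A`/`\z` anchors rather than loose matches, so this line should follow its own guidance: if the endpoint is exactly `/health`, `exclude: ->(request) { request.path == "/health" }`; if there is a prefix or suffix, an anchored pattern such as `%r{\A/health\z}` instead of `/health/`. The enclosing block (presumably `Rails.application.configure do`) starts and ends outside the hunk.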
@@ -55,7 +55,7 @@ There is currently no file upload or download functionality at this time, so ple
 - [x] Filter log entries so they do not include passwords or secrets
 - Note: Log filtering is set in [filter_parameter_logging.rb](app-rails/config/initializers/filter_parameter_logging.rb): `:passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn`.
 - [x] Use the correct Ruby REGEX: `\A` and `\z` and not the more common: `/^` and `$/`.
-- [ ] Add `multiline: true` to regex `format:` in validations.
+ - Note: If there is a need to use `/^` and `$/` in the regex, add `multiline: true` to regex `format:` in validations.
 - [x] When searching for data belonging to the user, search using Active Record from the user and not from the target data object. ie. Instead of doing: `@task = Task.find(params[:id])`, instead do: `@user.tasks.find(params[:id])`.
 - Note: This application is also using [pundit](https://github.com/varvet/pundit) to support resource authorization.