Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revert "Shuffle tests" #10495

Merged
merged 1 commit into from
Jul 2, 2024
Merged

Revert "Shuffle tests" #10495

merged 1 commit into from
Jul 2, 2024

Conversation

Maffooch
Copy link
Contributor

@Maffooch Maffooch commented Jul 2, 2024

Reverts #10335

@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented Jul 2, 2024
edited
Loading

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Server-Side Request Forgery Analyzer 0 findings
Configured Codepaths Analyzer 0 findings
IDOR Analyzer 0 findings
Sensitive Files Analyzer 0 findings
SQL Injection Analyzer 0 findings
Authn/Authz Analyzer 0 findings
Secrets Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The provided code changes are related to the unit testing setup and configuration for a Django-based application in a development Docker environment. The key changes involve the removal of the --shuffle option from the unit test command, which was previously used to randomize the order of the tests. This change does not introduce any obvious security vulnerabilities, as the --shuffle option is primarily used to identify hidden dependencies or race conditions in the codebase, rather than for security purposes.

The scripts also include several security-conscious practices, such as unsetting environment variables, ensuring database connectivity, validating the OpenAPI schema, and verifying database migrations. These practices help maintain the integrity and reliability of the application's test suite, which is an important aspect of the overall security posture.

Files Changed:

  1. docker/entrypoint-unit-tests-devDocker.sh:

    • The command to run the unit tests has been modified by removing the --shuffle option, which means the order of the tests will no longer be randomized.
    • The rest of the script sets up the development environment, including loading secrets, setting up the database, running database migrations, and checking the OpenAPI schema.

  2. docker/entrypoint-unit-tests.sh:

    • The --shuffle option has been removed from the python3 manage.py test command.
    • The script unsets the DD_DATABASE_URL and DD_CELERY_BROKER_URL environment variables before running the tests, which is a good practice to ensure that the tests are not affected by any external configuration.
    • The script includes a wait_for_database_to_be_reachable function to ensure that the database connection is established before running the tests.
    • The script checks for the OpenAPI schema generation using the drf-spectacular library and provides guidance on how to fix any issues.
    • The script also includes a check to ensure that any changes to the models are accompanied by a corresponding database migration.

Powered by DryRun Security

@github-actions github-actions bot added the docker label Jul 2, 2024
@Maffooch Maffooch merged commit 1502a3c into dev Jul 2, 2024
127 checks passed
@Maffooch Maffooch deleted the revert-10335-shuffle_tests branch July 2, 2024 19:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
docker
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Maffooch