From 8d8ec23aa180db1aa50a263286e5c80d5553be3d Mon Sep 17 00:00:00 2001 From: Sojan Jose Date: Sun, 15 Sep 2024 21:14:07 -0700 Subject: [PATCH] chore: [Snyk] Security upgrade rspec-rails from 6.1.4 to 6.1.5 (#10066) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 1 vulnerabilities in the rubygems dependencies of this project. #### Snyk changed the following file(s): - `Gemfile`
⚠️ Warning ``` Failed to update the Gemfile.lock, please update manually before merging. ```
#### Vulnerabilities that will be fixed with an upgrade: | | Issue | Score | :-------------------------:|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png 'medium severity') | Web Cache Poisoning
[SNYK-RUBY-RACK-1061917](https://snyk.io/vuln/SNYK-RUBY-RACK-1061917) |   **616**   --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - Max score is 1000. Note that the real score may have changed since the PR was raised. > - This PR was automatically created by Snyk using the credentials of a real user. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: 🧐 [View latest project report](https://app.snyk.io/org/chatwoot/project/b7197bbd-6200-4f23-931d-c39928584360?utm_source=github&utm_medium=referral&page=fix-pr) 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates) 🛠 [Adjust project settings](https://app.snyk.io/org/chatwoot/project/b7197bbd-6200-4f23-931d-c39928584360?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read about Snyk's upgrade logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr) [//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"rspec-rails","from":"6.1.4","to":"6.1.5"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-RACK-1061917","priority_score":616,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Web Cache Poisoning"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-RACK-1061917","priority_score":616,"priority_score_factors":[{"type":"exploit","label":"Proof of 
Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Web Cache Poisoning"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-RACK-1061917","priority_score":616,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Web Cache Poisoning"},{"exploit_maturity":"Proof of Concept","id":"SNYK-RUBY-RACK-1061917","priority_score":616,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Web Cache Poisoning"}],"prId":"a1a6393e-787a-4fab-8f51-3f7f7f375ed6","prPublicId":"a1a6393e-787a-4fab-8f51-3f7f7f375ed6","packageManager":"rubygems","priorityScoreList":[616],"projectPublicId":"b7197bbd-6200-4f23-931d-c39928584360","projectUrl":"https://app.snyk.io/org/chatwoot/project/b7197bbd-6200-4f23-931d-c39928584360?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","pr-warning-shown","priorityScore"],"type":"auto","upgrade":["SNYK-RUBY-RACK-1061917"],"vulns":["SNYK-RUBY-RACK-1061917"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}' --------- Co-authored-by: snyk-bot --- Gemfile | 2 +- Gemfile.lock | 12 ++++---- .../platform/api/v1/users_controller_spec.rb | 29 ++++++++++++++----- .../process_account_applied_slas_job_spec.rb | 3 +- .../jobs/sla/process_applied_sla_job_spec.rb | 5 ++-- spec/jobs/account/contacts_export_job_spec.rb | 2 +- 
.../jobs/conversations/resolution_job_spec.rb | 4 +--
 .../update_message_status_job_spec.rb | 4 +--
 .../inboxes/fetch_imap_emails_job_spec.rb | 2 +-
 ...rsations_first_reply_scheduler_job_spec.rb | 3 +-
 .../remove_old_notification_job_spec.rb | 3 +-
 11 files changed, 43 insertions(+), 26 deletions(-)
diff --git a/Gemfile b/Gemfile
index 9f2f73d83..ec57da193 100644
--- a/Gemfile
+++ b/Gemfile
@@ -228,7 +228,7 @@ group :development, :test do
 gem 'mock_redis'
 gem 'pry-rails'
 gem 'rspec_junit_formatter'
- gem 'rspec-rails', '>= 6.1.4'
+ gem 'rspec-rails', '>= 6.1.5'
 gem 'rubocop', require: false
 gem 'rubocop-performance', require: false
 gem 'rubocop-rails', require: false
diff --git a/Gemfile.lock b/Gemfile.lock
index df8279bba..70bee9170 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -638,16 +638,16 @@ GEM
 strscan
 rspec-core (3.13.0)
 rspec-support (~> 3.13.0)
- rspec-expectations (3.13.1)
+ rspec-expectations (3.13.2)
 diff-lcs (>= 1.2.0, < 2.0)
 rspec-support (~> 3.13.0)
 rspec-mocks (3.13.1)
 diff-lcs (>= 1.2.0, < 2.0)
 rspec-support (~> 3.13.0)
- rspec-rails (6.1.4)
- actionpack (>= 6.1)
- activesupport (>= 6.1)
- railties (>= 6.1)
+ rspec-rails (7.0.1)
+ actionpack (>= 7.0)
+ activesupport (>= 7.0)
+ railties (>= 7.0)
 rspec-core (~> 3.13)
 rspec-expectations (~> 3.13)
 rspec-mocks (~> 3.13)
@@ -930,7 +930,7 @@ DEPENDENCIES
 responders (>= 3.1.1)
 rest-client
 reverse_markdown
- rspec-rails (>= 6.1.4)
+ rspec-rails (>= 6.1.5)
 rspec_junit_formatter
 rubocop
 rubocop-performance
diff --git a/spec/controllers/platform/api/v1/users_controller_spec.rb b/spec/controllers/platform/api/v1/users_controller_spec.rb
index 95d6cd452..895f30b29 100644
--- a/spec/controllers/platform/api/v1/users_controller_spec.rb
+++ b/spec/controllers/platform/api/v1/users_controller_spec.rb
@@ -94,13 +94,28 @@ RSpec.describe 'Platform Users API', type: :request do
 context 'when it is an authenticated platform app' do
 let(:platform_app) { create(:platform_app) }
- it 'creates a new user and permissible for the user' do
- expect do
- post '/platform/api/v1/users/', params: { name: 'test', display_name: 'displaytest',
- email: 'test@test.com', password: 'Password1!',
- custom_attributes: { test: 'test_create' } },
- headers: { api_access_token: platform_app.access_token.token }, as: :json
- end.not_to enqueue_mail
+ it 'creates a new user and permissible for the user without sending an email' do
+ # TODO: enqueued mail check failes because of : https://github.com/rspec/rspec-rails/pull/2793
+ # revert to this block when the issue is fixed
+
+ # expect do
+ # post '/platform/api/v1/users/', params: { name: 'test', display_name: 'displaytest',
+ # email: 'test@test.com', password: 'Password1!',
+ # custom_attributes: { test: 'test_create' } },
+ # headers: { api_access_token: platform_app.access_token.token }, as: :json
+ # byebug
+ # end.not_to have_enqueued_mail
+
+ ##------ revert this block when the issue is fixed
+ post '/platform/api/v1/users/', params: { name: 'test', display_name: 'displaytest',
+ email: 'test@test.com', password: 'Password1!',
+ custom_attributes: { test: 'test_create' } },
+ headers: { api_access_token: platform_app.access_token.token }, as: :json
+ mail_jobs = ActiveJob::Base.queue_adapter.enqueued_jobs.select do |job|
+ job[:job] == 'ActionMailer::MailDeliveryJob'
+ end
+ expect(mail_jobs.count).to eq(0)
+ ##------ revert this block when the issue is fixed
 expect(response).to have_http_status(:success)
 data = response.parsed_body
diff --git a/spec/enterprise/jobs/sla/process_account_applied_slas_job_spec.rb b/spec/enterprise/jobs/sla/process_account_applied_slas_job_spec.rb
index 5d628f71e..abddfca23 100644
--- a/spec/enterprise/jobs/sla/process_account_applied_slas_job_spec.rb
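Review bot: The replacement check `job[:job] == 'ActionMailer::MailDeliveryJob'` compares against a String, but the ActiveJob test adapter stores the job's class object (not its name) under `:job`, so the select never matches and `expect(mail_jobs.count).to eq(0)` passes whether or not a mail was enqueued — the "without sending an email" part of the example no longer verifies anything. Compare with the class instead, `job[:job] == ActionMailer::MailDeliveryJob` (or `job[:job].name == 'ActionMailer::MailDeliveryJob'`), and confirm the example fails when a mail delivery job is deliberately enqueued before trusting it. The commented-out original block still carries a `# byebug` line, which should be dropped before anyone reverts to that block, and the TODO has a typo (`failes`). The `it` block continues past the end of the hunk.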
+++ b/spec/enterprise/jobs/sla/process_account_applied_slas_job_spec.rb
@@ -10,8 +10,9 @@ RSpec.describe Sla::ProcessAccountAppliedSlasJob do
 let!(:active_with_misses_applied_sla) { create(:applied_sla, account: account, sla_policy: sla_policy, sla_status: 'active_with_misses') }
 it 'enqueues the job' do
- expect { described_class.perform_later }.to have_enqueued_job(described_class)
+ expect { described_class.perform_later(account) }.to have_enqueued_job(described_class)
 .on_queue('medium')
+ .with(account)
 end
 it 'calls the ProcessAppliedSlaJob for both active and active_with_misses' do
diff --git a/spec/enterprise/jobs/sla/process_applied_sla_job_spec.rb b/spec/enterprise/jobs/sla/process_applied_sla_job_spec.rb
index fd56e0df3..66c8da823 100644
--- a/spec/enterprise/jobs/sla/process_applied_sla_job_spec.rb
+++ b/spec/enterprise/jobs/sla/process_applied_sla_job_spec.rb
@@ -3,14 +3,15 @@ require 'rails_helper'
 RSpec.describe Sla::ProcessAppliedSlaJob do
 context 'when perform is called' do
 let(:account) { create(:account) }
+ let(:applied_sla) { create(:applied_sla, account: account) }
 it 'enqueues the job' do
- expect { described_class.perform_later }.to have_enqueued_job(described_class)
+ expect { described_class.perform_later(applied_sla) }.to have_enqueued_job(described_class)
+ .with(applied_sla)
 .on_queue('medium')
 end
 it 'calls the EvaluateAppliedSlaService' do
- applied_sla = create(:applied_sla)
 expect(Sla::EvaluateAppliedSlaService).to receive(:new).with(applied_sla: applied_sla).and_call_original
 described_class.perform_now(applied_sla)
 end
diff --git a/spec/jobs/account/contacts_export_job_spec.rb b/spec/jobs/account/contacts_export_job_spec.rb
index 9fe10bb96..7c1858d0a 100644
--- a/spec/jobs/account/contacts_export_job_spec.rb
+++ b/spec/jobs/account/contacts_export_job_spec.rb
@@ -1,7 +1,7 @@
 require 'rails_helper'
 RSpec.describe Account::ContactsExportJob do
- subject(:job) { described_class.perform_later }
+ subject(:job) { described_class.perform_later(account.id, user.id, [], {}) }
 let(:account) { create(:account) }
 let(:user) { create(:user, account: account, email: 'account-user-test@test.com') }
diff --git a/spec/jobs/conversations/resolution_job_spec.rb b/spec/jobs/conversations/resolution_job_spec.rb
index ad2dee92b..1a812ac86 100644
--- a/spec/jobs/conversations/resolution_job_spec.rb
+++ b/spec/jobs/conversations/resolution_job_spec.rb
@@ -1,14 +1,14 @@
 require 'rails_helper'
 RSpec.describe Conversations::ResolutionJob do
- subject(:job) { described_class.perform_later(account) }
+ subject(:job) { described_class.perform_later(account: account) }
 let!(:account) { create(:account) }
 let!(:conversation) { create(:conversation, account: account) }
 it 'enqueues the job' do
 expect { job }.to have_enqueued_job(described_class)
- .with(account)
+ .with(account: account)
 .on_queue('low')
 end
diff --git a/spec/jobs/conversations/update_message_status_job_spec.rb b/spec/jobs/conversations/update_message_status_job_spec.rb
index 0cdfb867d..ff5c90292 100644
--- a/spec/jobs/conversations/update_message_status_job_spec.rb
+++ b/spec/jobs/conversations/update_message_status_job_spec.rb
@@ -1,7 +1,7 @@
 require 'rails_helper'
 RSpec.describe Conversations::UpdateMessageStatusJob do
- subject(:job) { described_class.perform_later(account) }
+ subject(:job) { described_class.perform_later(conversation.id, conversation.contact_last_seen_at, :read) }
 let!(:account) { create(:account) }
 let!(:conversation) { create(:conversation, account: account, contact_last_seen_at: DateTime.now.utc) }
@@ -9,7 +9,7 @@ RSpec.describe Conversations::UpdateMessageStatusJob do
 it 'enqueues the job' do
 expect { job }.to have_enqueued_job(described_class)
- .with(account)
+ .with(conversation.id, conversation.contact_last_seen_at, :read)
 .on_queue('low')
 end
diff --git a/spec/jobs/inboxes/fetch_imap_emails_job_spec.rb b/spec/jobs/inboxes/fetch_imap_emails_job_spec.rb
index 5054a519c..da4b95b15 100644
--- a/spec/jobs/inboxes/fetch_imap_emails_job_spec.rb
+++ b/spec/jobs/inboxes/fetch_imap_emails_job_spec.rb
@@ -12,7 +12,7 @@ RSpec.describe Inboxes::FetchImapEmailsJob do
 describe '#perform' do
 it 'enqueues the job' do
 expect do
- described_class.perform_later
+ described_class.perform_later(imap_email_channel, 1)
 end.to have_enqueued_job(described_class).on_queue('scheduled_jobs')
 end
diff --git a/spec/jobs/migration/conversations_first_reply_scheduler_job_spec.rb b/spec/jobs/migration/conversations_first_reply_scheduler_job_spec.rb
index 52ef7b574..4e3fcbb19 100644
--- a/spec/jobs/migration/conversations_first_reply_scheduler_job_spec.rb
+++ b/spec/jobs/migration/conversations_first_reply_scheduler_job_spec.rb
@@ -1,7 +1,7 @@
 require 'rails_helper'
 RSpec.describe Migration::ConversationsFirstReplySchedulerJob do
- subject(:job) { described_class.perform_later }
+ subject(:job) { described_class.perform_later(account) }
 let!(:account) { create(:account) }
 let!(:inbox) { create(:inbox, account: account) }
@@ -10,6 +10,7 @@ RSpec.describe Migration::ConversationsFirstReplySchedulerJob do
 it 'enqueues the job' do
 expect { job }.to have_enqueued_job(described_class)
 .on_queue('scheduled_jobs')
+ .with(account)
 end
 context 'when there is an outgoing message in conversation' do
diff --git a/spec/jobs/notification/remove_old_notification_job_spec.rb b/spec/jobs/notification/remove_old_notification_job_spec.rb
index efc6616eb..1605d2da6 100644
--- a/spec/jobs/notification/remove_old_notification_job_spec.rb
+++ b/spec/jobs/notification/remove_old_notification_job_spec.rb
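Review bot: The new call `described_class.perform_later(imap_email_channel, 1)` in the fetch_imap_emails hunk passes a bare `1` whose meaning is not visible here, and unlike the other job specs in this patch (e.g. the `.with(account)` added in the scheduler hunk on this same line) the enqueued arguments are never asserted. Chain `.with(imap_email_channel, 1)` onto `have_enqueued_job(described_class)` so the example checks what was enqueued, and give the literal a name (a `let`, or an inline comment stating what it is) if it represents an interval or count. `imap_email_channel` is presumably a `let` defined above the hunk — confirm. The `describe '#perform'` block continues outside the hunk.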
@@ -5,9 +5,8 @@ RSpec.describe Notification::RemoveOldNotificationJob do
 let(:conversation) { create(:conversation) }
 it 'enqueues the job' do
- notification = create(:notification, user: user, notification_type: 'conversation_creation', primary_actor: conversation)
 expect do
- described_class.perform_later(notification)
+ described_class.perform_later
 end.to have_enqueued_job(described_class)
 .on_queue('low')
 end
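Review bot: With the `notification` fixture removed, `described_class.perform_later` is now argument-free and the example no longer exercises any job arguments; if the job's `perform` genuinely takes none that is the right change, but then the `let(:conversation)` context line and the `user` the removed fixture referenced may be dead in this example. Drop them if nothing else in the file uses them — the file's other examples are outside the hunk, so I cannot tell from here. A short comment on the `it`, e.g. `# the job takes no arguments; it selects old notifications itself`, would stop the next reader from re-adding a fixture.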