GG-6854 - Restrict test dependencies to test scope (Security issue) #89

Merged
merged 15 commits into from
May 17, 2023

szabolcs-szilagyi-hmrc
Contributor

remove scalacheck's Gen from production code

using just a random generator to replace Gen; remove property testing from the class as it was not adding value to the test
@platops-pr-bot

  • SBT can be updated to 1.7.2 in project/build.properties
  • Scala can be updated from 2.12.16 to 2.13.8 in build.sbt
  • uk.gov.hmrc.sbt-auto-build can be updated to 3.9.0 in project/plugins.sbt
  • uk.gov.hmrc.sbt-distributables can be updated to 2.2.0 in project/plugins.sbt
  • Deprecated config uk.gov.hmrc.play.bootstrap.AuditModule can be changed to uk.gov.hmrc.play.audit.AuditModule in conf/application.conf
  • Deprecated config uk.gov.hmrc.play.bootstrap.MicroserviceModule can be changed to uk.gov.hmrc.play.bootstrap.backend.BackendModule in conf/application.conf
  • Add uk.gov.hmrc.bootstrap-test-play-28 in project/AppDependencies.scala to provide recommended test dependencies. Use a variable to keep version in sync with bootstrap-play


def getFlags = {
def getFlags: Action[AnyContent] = {
Action.async { implicit request =>
Future(Ok(currentFeatureSwitchesAsJson))
}
}
The async and Future can be dropped.

Nice. If the implicit request parameter is unused, you can invoke the action builder without the underscore parameter thusly:

def getFlags: Action[AnyContent] = Action {
  Ok(currentFeatureSwitchesAsJson)
}

align {
preset = more
tokens = [
"extends",
@ModisR ModisR May 12, 2023

Add ":" to these tokens to maintain alignment of type annotations in parameter lists. The Scalariform config had something to align parameter type annotations so continuing the tradition with Scalafmt will make the diff a little quieter.

"org.mockito" %% "mockito-scala-scalatest" % "1.17.12" % testScope,
"org.scalacheck" %% "scalacheck" % "1.17.0" % testScope,
"com.github.fge" % "json-schema-validator" % "2.2.6" % testScope,
"com.vladsch.flexmark" % "flexmark-all" % "0.64.0" % testScope
)
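
Review bot: the `% testScope` suffix is repeated on every entry in this list, so a dependency added later without it will default to compile scope and ship in the production artifact, which is the problem this PR sets out to fix. Consider applying the scope once to the whole sequence, so that being in the test list is what determines the scope rather than a per-line suffix.
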
I think instead of assigning testScope to a val, it's better to just put .map(_ % "test, it") here.

compilerPlugin("com.github.ghik" % "silencer-plugin" % "1.7.9" cross CrossVersion.full),
"com.github.ghik" % "silencer-lib" % "1.7.9" % Provided cross CrossVersion.full
compilerPlugin("com.github.ghik" % "silencer-plugin" % silencerVersion cross CrossVersion.full),
"com.github.ghik" % "silencer-lib" % silencerVersion % Provided cross CrossVersion.full
nice

addSbtPlugin("com.typesafe.play" % "sbt-plugin" % "2.8.19")
addSbtPlugin("org.scalameta" % "sbt-scalafmt" % "2.4.6")
addSbtPlugin("org.scalariform" % "sbt-scalariform" % "1.8.3")
Scalariform can be deleted.


@AadilAkhtar AadilAkhtar merged commit 2ed5b60 into main May 17, 2023
@AadilAkhtar AadilAkhtar deleted the GG-6854 branch May 17, 2023 15:06