coverband 5.2.6.rc.2 → 5.2.6.rc.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4a0693cadfb1b345691f9994b565b05f06ebb1fb808bde8327cea50c192aee3f
-  data.tar.gz: 1bcdb4b2bc3a346bfd5b74b2be5638cc286a88247c6ea1e2908ed4ef74e6e5d0
+  metadata.gz: '039bd98899c0794752cb3244029b3bce0d9d6ebda8ddf449423e94e44741acb5'
+  data.tar.gz: 5b19acc65170a2f2c6d66a750a7e958759e90caca808943426481828c26dedfa
 SHA512:
-  metadata.gz: 11392bc75a3b44770d2a33cdf1bcdff9ad0127ea715be57c5d2b7b2f5f4e4d50bda5caa394015239eaf03f9aab62dcdba647692cbf479ace08a9ec9ff0d06ead
-  data.tar.gz: 652ad15638ed7da3d7a509c40eefe0f855e71e24843b98dc896213a3c7ba52ff88bcafba47fccff754e6dff25f76b145ce7bb8117f1f55afc8104e9de2233500
+  metadata.gz: 51e2ef52b7bd14f677845d6d565872ab9a607990ff28e89ba020f5fe8f8a65d728400f241ea2d70647580f2387e2115f9d033e450704d821d9a1664be5457f76
+  data.tar.gz: 62dc029eb498529c31e81a297db3afb5a1d95a716d0802ed0b99128b8405f937b6d90c61eb3d0dc49df4f2faf9b9c2545ae5f54dbda9db2d04e3b6465001a75d

data/.github/workflows/diagram.yml

@@ -13,4 +13,5 @@ jobs:
       - name: Update diagram
         uses: githubocto/repo-visualizer@main
         with:
-          excluded_paths: "ignore,.github"
+          excluded_paths: "ignore,.github"
+          branch: diagram

data/.github/workflows/main.yml

@@ -21,11 +21,11 @@ jobs:
         # removing jruby again to flaky
         # ruby: [2.3, 2.4, 2.5, 2.6, 2.7, "3.0", "3.1", jruby]
         # need to add support for multiple gemfiles
-        ruby: ["2.7", "3.0", "3.1"]
+        ruby: ["2.7", "3.0", "3.1", "3.2"]
         redis-version: [4, 5, 6]
     runs-on: ${{ matrix.os }}-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - uses: supercharge/redis-github-action@1.2.0
       - uses: ruby/setup-ruby@v1
         with:

data/README.md

@@ -207,9 +207,9 @@ config.ignore +=  ['config/application.rb',
                    'config/boot.rb',
                    'config/puma.rb',
                    'config/schedule.rb',
-                   'bin/*',
-                   'config/environments/*',
-                   'lib/tasks/*']
+                   'bin/.*',
+                   'config/environments/.*',
+                   'lib/tasks/.*']
 ```
 
 **Ignoring Custom Gem Locations:** Note, if you have your gems in a custom location under your app folder you likely want to add them to `config.ignore`. For example, if you have your gems not in a default ignored location of `app/vendor` but have them in `app/gems` you would need to add `gems/*` to your ignore list.
@@ -437,7 +437,7 @@ What is the coverage data in Redis?
 
 A diagram of the code.
 
-![Visualization of this repo](./diagram.svg)
+![Visualization of this repo](https://raw.githubusercontent.com/danmayer/coverband/diagram/diagram.svg)
 
 ## Logo
 

data/changes.md

@@ -1,6 +1,10 @@
 ### Coverband 5.2.6
 
+__NOTE: the current RCs include below, but this might turn into coverband 6.0__
+
 - add support for translation keys
+- refactor non Coverage.so based trackers
+- adds CSP report support (thanks @jwg2s)
 
 ### Coverband 5.2.5
 

data/lib/coverband/configuration.rb

@@ -11,7 +11,8 @@ module Coverband
       :view_tracker, :defer_eager_loading_data,
       :track_routes, :route_tracker,
       :track_translations, :translations_tracker,
-      :trackers
+      :trackers, :csp_policy
+
     attr_writer :logger, :s3_region, :s3_bucket, :s3_access_key_id,
       :s3_secret_access_key, :password, :api_key, :service_url, :coverband_timeout, :service_dev_mode,
       :service_test_mode, :process_type, :track_views, :redis_url,
@@ -82,6 +83,7 @@ module Coverband
       @all_root_paths = nil
       @all_root_patterns = nil
       @password = nil
+      @csp_policy = false
 
       # coverband service settings
       @api_key = nil
@@ -205,7 +207,10 @@ module Coverband
     # Don't allow the ignore to override things like gem tracking
     ###
     def ignore=(ignored_array)
+      ignored_array.map { |ignore_str| Regexp.new(ignore_str) }
       @ignore = (@ignore + ignored_array).uniq
+    rescue RegexpError
+      logger.error "an invalid regular expression was passed in, ensure string are valid regex patterns #{ignored_array.join(",")}"
     end
 
     def current_root

data/lib/coverband/reporters/web.rb

@@ -13,6 +13,22 @@ module Coverband
     class Web
       attr_reader :request
 
+      CSP_HEADER = [
+        "default-src 'self' https: http:",
+        "child-src 'self'",
+        "connect-src 'self' https: http: wss: ws:",
+        "font-src 'self' https: http:",
+        "frame-src 'self'",
+        "img-src 'self' https: http: data:",
+        "manifest-src 'self'",
+        "media-src 'self'",
+        "object-src 'none'",
+        "script-src 'self' https: http: 'unsafe-inline'",
+        "style-src 'self' https: http: 'unsafe-inline'",
+        "worker-src 'self'",
+        "base-uri 'self'"
+      ].join("; ").freeze
+
       def init_web
         full_path = Gem::Specification.find_by_name("coverband").full_gem_path
         @static = Rack::Static.new(self,
@@ -58,26 +74,26 @@ module Coverband
             when %r{\/clear}
               clear
             else
-              [404, {"Content-Type" => "text/html"}, ["404 error!"]]
+              [404, coverband_headers, ["404 error!"]]
             end
           else
             case request_path_info
             when /.*\.(css|js|gif|png)/
               @static.call(env)
             when %r{\/settings}
-              [200, {"Content-Type" => "text/html"}, [settings]]
+              [200, coverband_headers, [settings]]
             when %r{\/view_tracker_data}
-              [200, {"Content-Type" => "text/json"}, [view_tracker_data]]
+              [200, coverband_headers(content_type: "text/json"), [view_tracker_data]]
             when %r{\/enriched_debug_data}
-              [200, {"Content-Type" => "text/json"}, [enriched_debug_data]]
+              [200, coverband_headers(content_type: "text/json"), [enriched_debug_data]]
             when %r{\/debug_data}
-              [200, {"Content-Type" => "text/json"}, [debug_data]]
+              [200, coverband_headers(content_type: "text/json"), [debug_data]]
             when %r{\/load_file_details}
-              [200, {"Content-Type" => "text/json"}, [load_file_details]]
+              [200, coverband_headers(content_type: "text/json"), [load_file_details]]
             when %r{\/$}
-              [200, {"Content-Type" => "text/html"}, [index]]
+              [200, coverband_headers, [index]]
             else
-              [404, {"Content-Type" => "text/html"}, ["404 error!"]]
+              [404, coverband_headers, ["404 error!"]]
             end
           end
         end
@@ -174,6 +190,14 @@ module Coverband
 
       private
 
+      def coverband_headers(content_type: "text/html")
+        web_headers = {
+          "Content-Type" => content_type
+        }
+        web_headers["Content-Security-Policy-Report-Only"] = CSP_HEADER if Coverband.configuration.csp_policy
+        web_headers
+      end
+
       # This method should get the root mounted endpoint
       # for example if the app is mounted like so:
       # mount Coverband::Web, at: '/coverage'

data/lib/coverband/version.rb

@@ -5,5 +5,5 @@
 # use format "4.2.1.rc.1" ~> 4.2.1.rc to prerelease versions like v4.2.1.rc.2 and v4.2.1.rc.3
 ###
 module Coverband
-  VERSION = "5.2.6.rc.2"
+  VERSION = "5.2.6.rc.3"
 end

data/roadmap.md

@@ -6,51 +6,51 @@
   - [redis bitmaps](http://blog.getspool.com/2011/11/29/fast-easy-realtime-metrics-using-redis-bitmaps/)
   - [redis bitfield](https://stackoverflow.com/questions/47100606/optimal-way-to-store-array-of-integers-in-redis-database)
 - Add support for [zadd](http://redis.io/topics/data-types-intro) so one could determine single call versus multiple calls on a line, letting us determine the most executed code in production.
+- Changes and updates to Ruby Coverage Library that helps support templates
+  - https://github.com/ioquatix/covered
+  - https://github.com/simplecov-ruby/simplecov/pull/1037
+- Consider A Coverband Pro / Option to run coverband service locally
+- review how humperdink / e70 track translations, particularly how humperdink uses dirty sets with redis, for perf improvements for trackers
+  - https://github.com/livingsocial/humperdink
+  - https://github.com/sergioisidoro/e7o/blob/master/lib/e7o.rb
+- Possible Cross Application Support to track library usage?
+- Reducing differences between coverband local and coverband service
 
-### Coverband Future...
+### Coverband Next...
 
 Will be the fully modern release that drops maintenance legacy support in favor of increased performance, ease of use, and maintainability.
 
-- Release will be aimed as significantly simplifying ease of use
-  - near zero config setup for Rails apps
-  - add built-in support for easy loading via Railties
-  - built in support for activejob, sidekiq, and other common frameworks
-  - reduced configuration options
-- support oneshot
-- drop middleware figure out a way to kick off background without middelware
+- look at adding a DB tracker
+- defaults to oneshot for coverage
+- possibly splits coverage and all other covered modules
+- drop middleware figure out a way to kick off background without middelware, possibly use similar process forking detection to humperdink
+  - https://github.com/livingsocial/humperdink/blob/master/lib/humperdink/fork_savvy_redis.rb
 - options on reporting
   - background reporting
   - or middleware reporting
 - Support for file versions
   - md5 or release tags
   - add coverage timerange support
-- Drop Simplecov dependency
 - improved web reporting
   - lists current config options
   - eventually allow updating remote config
   - full theming
-  - list redis data dump for debugging
+  - list redis data dump for debugging (refactor built in debug support)
 - additional adapters: Memcache, S3, and ActiveRecord
 - add articles / podcasts like prontos readme https://github.com/prontolabs/pronto
-- Add detailed Gem usage report, if we collect and send gem usage we can give percentage of gem code used, which should help application developers know when to remove gem dependencies (0%) or perhaps inline single methods for little usage (using <= 5%) for example.
-- add meta data information first seen last recorded to the coverage report views (probably need to drop simplecov for that).
+- add meta data information first seen last recorded to the coverage report views (per file / per method?).
   - more details in this issue: https://github.com/danmayer/coverband/issues/118
-- Make good video on setup, install, usage
 - See if we can add support for views / templates
   - using this technique https://github.com/ioquatix/covered
 - Better default grouping (could use groups features for gems for rails controllers, models, lib, etc)
 - Improved logging for easier debugging and development
   - drop the verbose mode and better support standard logger levels
-- Possibly setup a build assets system
-  - my JS rules expanded the compressed JS at the top of application.js, basically we want to stitch together JS
-  - I guess we could also load multiple JS files as most of the JS is just default compressed JS and a tiny amount of actual app JS.
-- lazy load for Coverband results
-- view layer file coverage
+  - redo the logger entirely
+- redo config system and allow live config updates via webui
 - move all code to work with relative paths leaving only stdlib Coverage working on full paths
-- add gem_safe_lists to track only some gems
-- add gem_details_safe list to report on details on some gems
-- - display gems that are in loaded with 0 coverage, thanks @kbaum
 
-# Alpha / Beta / Release Candidates
+# Out of Scope
 
-### Coverband 5.?.?
+It is important for a project to not only know what problems it is trying to solve, but what things are out of scope. We will start to try to document that here:
+
+* We have in the past tried to add coverage tracking for all gems, this added a lot of complexity and compuation overhead and slowed things down to much. It also was of less value than we had hoped. There are alterntative ways to instrument a shared library to track across multiple applications, and single application gem utilization is easier to handle in a one of basis. It is unlikely we will support that again.

data/test/coverband/configuration_test.rb

@@ -38,6 +38,16 @@ class BaseTest < Minitest::Test
     assert_equal expected, Coverband.configuration.ignore
   end
 
+  test "ignore catches regex errors" do
+    Coverband.configuration.logger.expects(:error).with("an invalid regular expression was passed in, ensure string are valid regex patterns *invalidRegex*")
+    Coverband.configure do |config|
+      config.ignore = ["*invalidRegex*"]
+    end
+    Coverband::Collectors::Coverage.instance.reset_instance
+    expected = Coverband::Configuration::IGNORE_DEFAULTS << "config/environments"
+    assert_equal expected, Coverband.configuration.ignore
+  end
+
   test "ignore" do
     Coverband::Collectors::Coverage.instance.reset_instance
     assert !Coverband.configuration.ignore.first.nil?

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: coverband
 version: !ruby/object:Gem::Version
-  version: 5.2.6.rc.2
+  version: 5.2.6.rc.3
 platform: ruby
 authors:
 - Dan Mayer
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-05 00:00:00.000000000 Z
+date: 2023-02-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: benchmark-ips