Re: Permission to allow testing harness to send error reports for pgweb directly to mailing list.

From: Akshat Jaimini <destrex271(at)gmail(dot)com>
To: Daniel Gustafsson <daniel(at)yesql(dot)se>, pgsql-www(at)lists(dot)postgresql(dot)org, Magnus Hagander <magnus(at)hagander(dot)net>
Subject: Re: Permission to allow testing harness to send error reports for pgweb directly to mailing list.
Date: 2023-10-06 06:05:01
Message-ID: CAMaW3VhQ-tfc6cHx=QxLgDsWHYFccZPz=JOq87frnkaANmPggw@mail.gmail.com
Lists: pgsql-www

> Publishing this report to a website would handle that I think.
I had sent a proposal/tried to start a discussion for this a few days
earlier:
https://www.postgresql.org/message-id/CAMaW3Vg%2BGoQ3JPNo%2BfbLk9ajQv%3D4g4J-bzSAH0OJL7S71_qMig%40mail.gmail.com
It would actually make the reporting mechanism a lot easier if we can
publish the results to a website. I am currently working on a small
prototype in golang. Currently the reports are being stored as artifacts on
GitHub Actions (only available for 90 days) but we can use services like
Supabase etc. to store our reports and present them on the website. Once we
integrate Supabase we can get rid of GitHub artifacts for good.

> One question, would this test harness detect and report potential
> security issues like XSS?
Security-related tests were not added in the GSoC timeline but we are
planning to add them. Maybe when we add those tests we can create a
separate section on the proposed website only available to some 'admins'
with all these sensitive reports being displayed there.

We can actually benefit from some more discussion on this.

Regards,
Akshat Jaimini

On Thu, Oct 5, 2023 at 8:32 PM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:

> > On 3 Oct 2023, at 21:30, Akshat Jaimini <destrex271(at)gmail(dot)com> wrote:
>
> > > That is, if it finds the same issue on a later run, it must not
> > > re-send the same thing. How does it work in regards to that today?
> >
> > As per the current flow whenever a new commit is pushed to the pgweb
> > repo, the tests are executed. If some tests fail, an error report is sent
> > with the information of all the failed tests. So if that particular issue
> > has been resolved, the same report won't be sent but if some other commit
> > is pushed without resolving that particular issue then that particular
> > error will be reported again.
>
> That doesn't seem terribly great, while bugs and errors should be fixed when
> found, sending reports of them repeatedly risks reporting-fatigue. Publishing
> this report to a website would handle that I think.
>
> One question, would this test harness detect and report potential security
> issues like XSS? If so we should probably limit the audience of the
> report.
>
>
> --
> Daniel Gustafsson
>
>
