From: | Akshat Jaimini <destrex271(at)gmail(dot)com> |
---|---|
To: | Daniel Gustafsson <daniel(at)yesql(dot)se>, pgsql-www(at)lists(dot)postgresql(dot)org, Magnus Hagander <magnus(at)hagander(dot)net> |
Subject: | Re: Permission to allow testing harness to send error reports for pgweb directly to mailing list. |
Date: | 2023-10-06 17:12:28 |
Message-ID: | CAMaW3ViOZYfxYMTYVHLOZHhVejSQ-BA0_X8hAmwwAPkxuVVObg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-www |
> I clicked through the linked repo but I was unable to see an example
testrun.
You can find the reports here:
https://github.com/destrex271/pgweb-testing-harness/actions/runs/6189299124
. You can check the 'report', 'test-log' and 'failure_logs' artifacts, the
other ones are experimental for now.
> For tests like that we must really think about scope, limiting the report
isn't useful if we publish the tests for anyone to run themselves and thus
generate the report.
> Malicious actors are no doubt probing the website continuously regardless
of this, but we don't necessarily need to do the job for them.
Oh yes, that is a valid point, I guess we might need to separate these
tests then in some private repo? I don't know if this is possible though
but we can think of some other approaches. Because if we keep those tests
publicly available that will just create more problems for us, as you
mentioned in your reply.
I'll try to find more approaches to this because the private repository
does not seem to go with the idea of open source. I might be wrong about
this, so please let me know if I am wrong.
Regards,
Akshat Jaimini
On Fri, Oct 6, 2023 at 6:09 PM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
> > On 6 Oct 2023, at 08:05, Akshat Jaimini <destrex271(at)gmail(dot)com> wrote:
> >
> > > Publishing this report to a website would handle that I think.
> > I had sent a proposal/tried to start a discussion for this a few days
> earlier
>
> It would probably help if you could link to a report from a run of the test
> suite. I clicked through the linked repo but I was unable to see an
> example
> testrun.
>
> > > One question, would this test harness detect and report potential
> security issues like XSS?
> > Security related tests were not added in the Gsoc timeline but we are
> planning to add them. Maybe when we add those tests we can create a
> separate section on the proposed website only available to some 'admins'
> with all these sensitive reports being displayed there.
>
> For tests like that we must really think about scope, limiting the report
> isn't
> useful if we publish the tests for anyone to run themselves and thus
> generate
> the report. Malicious actors are no doubt probing the website continuously
> regardless of this, but we don't necessarily need to do the job for them.
>
> --
> Daniel Gustafsson
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2023-10-06 22:15:04 | Re: pglister: issue with materialized view after upgrade (+ solution) |
Previous Message | Daniel Gustafsson | 2023-10-06 12:38:35 | Re: Permission to allow testing harness to send error reports for pgweb directly to mailing list. |