6d6b8317c5
Committee is rack middleware that validates requests and responses for
adherence to an openapi specification. It will limit the kind of
(possibly malicious) input to the API part of the program. And, it
because it checks the test suite, and we have a 100% branch coverage
policy covering routes, fixing schema problems will keep the openapi
specification up to date as people add features.
committee already detected some mistakes, such as being too relaxed
about content types, in 793b61f260.
Applying committee obsoletes some validation code, but not a lot: at
least some validations are also called from the web application,
rather than the API. It's not clear to me how well these can be
converged to reduce code.
However, it does obsolete several validation-related API *tests* that
were rolled in with API application testing: now, the entire API is
covered in a consistent way for that kind of thing: parsable JSON,
missing fields, extra fields, etc.
Here's a measurement of the overhead of checking all those requests
for schema conformance in test: it's not really measurable on a
whole-suite basis.
Without:
> hyperfine -w 3 -- 'bundle exec rspec'
Benchmark 1: bundle exec rspec
Time (mean ± σ): 29.790 s ± 2.182 s [User: 19.139 s, System: 1.391 s]
Range (min … max): 26.130 s … 33.358 s 10 runs
With:
> hyperfine -w 3 -- 'bundle exec rspec'
Benchmark 1: bundle exec rspec
Time (mean ± σ): 28.378 s ± 1.483 s [User: 18.705 s, System: 1.364 s]
Range (min … max): 25.428 s … 30.742 s 10 runs
No, that's not swapped. There's just something else going on that
makes noise larger than the margin of error.
441 lines
10 KiB
Plaintext
441 lines
10 KiB
Plaintext
GIT
|
|
remote: https://github.com/ubicloud/erb-formatter.git
|
|
revision: a9ff0001a1eb028e2186b222aeb02b07c04f9808
|
|
ref: a9ff0001a1eb028e2186b222aeb02b07c04f9808
|
|
specs:
|
|
erb-formatter (0.4.3)
|
|
syntax_tree (~> 6.0)
|
|
|
|
GEM
|
|
remote: https://rubygems.org/
|
|
specs:
|
|
Ascii85 (2.0.1)
|
|
acme-client (2.0.19)
|
|
base64 (~> 0.2.0)
|
|
faraday (>= 1.0, < 3.0.0)
|
|
faraday-retry (>= 1.0, < 3.0.0)
|
|
actionview (8.0.0)
|
|
activesupport (= 8.0.0)
|
|
builder (~> 3.1)
|
|
erubi (~> 1.11)
|
|
rails-dom-testing (~> 2.2)
|
|
rails-html-sanitizer (~> 1.6)
|
|
activesupport (8.0.0)
|
|
base64
|
|
benchmark (>= 0.3)
|
|
bigdecimal
|
|
concurrent-ruby (~> 1.0, >= 1.3.1)
|
|
connection_pool (>= 2.2.5)
|
|
drb
|
|
i18n (>= 1.6, < 2)
|
|
logger (>= 1.4.2)
|
|
minitest (>= 5.1)
|
|
securerandom (>= 0.3)
|
|
tzinfo (~> 2.0, >= 2.0.5)
|
|
uri (>= 0.13.1)
|
|
addressable (2.8.7)
|
|
public_suffix (>= 2.0.2, < 7.0)
|
|
afm (0.2.2)
|
|
android_key_attestation (0.3.0)
|
|
argon2 (2.3.0)
|
|
ffi (~> 1.15)
|
|
ffi-compiler (~> 1.0)
|
|
argon2-kdf (0.2.0)
|
|
ast (2.4.2)
|
|
awesome_print (1.9.2)
|
|
aws-eventstream (1.3.0)
|
|
aws-partitions (1.1016.0)
|
|
aws-sdk-core (3.214.0)
|
|
aws-eventstream (~> 1, >= 1.3.0)
|
|
aws-partitions (~> 1, >= 1.992.0)
|
|
aws-sigv4 (~> 1.9)
|
|
jmespath (~> 1, >= 1.6.1)
|
|
aws-sdk-kms (1.96.0)
|
|
aws-sdk-core (~> 3, >= 3.210.0)
|
|
aws-sigv4 (~> 1.5)
|
|
aws-sdk-s3 (1.175.0)
|
|
aws-sdk-core (~> 3, >= 3.210.0)
|
|
aws-sdk-kms (~> 1)
|
|
aws-sigv4 (~> 1.5)
|
|
aws-sigv4 (1.10.1)
|
|
aws-eventstream (~> 1, >= 1.0.2)
|
|
base64 (0.2.0)
|
|
bcrypt_pbkdf (1.1.1)
|
|
bcrypt_pbkdf (1.1.1-arm64-darwin)
|
|
bcrypt_pbkdf (1.1.1-x86_64-darwin)
|
|
benchmark (0.4.0)
|
|
better_html (2.1.1)
|
|
actionview (>= 6.0)
|
|
activesupport (>= 6.0)
|
|
ast (~> 2.0)
|
|
erubi (~> 1.4)
|
|
parser (>= 2.4)
|
|
smart_properties
|
|
bigdecimal (3.1.8)
|
|
bindata (2.5.0)
|
|
brakeman (6.2.2)
|
|
racc
|
|
builder (3.3.0)
|
|
by (1.1.0)
|
|
byebug (11.1.3)
|
|
capybara (3.40.0)
|
|
addressable
|
|
matrix
|
|
mini_mime (>= 0.1.3)
|
|
nokogiri (~> 1.11)
|
|
rack (>= 1.6.0)
|
|
rack-test (>= 0.6.3)
|
|
regexp_parser (>= 1.5, < 3.0)
|
|
xpath (~> 3.2)
|
|
cbor (0.5.9.8)
|
|
chunky_png (1.4.0)
|
|
coderay (1.1.3)
|
|
committee (5.3.0)
|
|
json_schema (~> 0.14, >= 0.14.3)
|
|
openapi_parser (~> 2.0)
|
|
rack (>= 1.5)
|
|
concurrent-ruby (1.3.4)
|
|
connection_pool (2.4.1)
|
|
cose (1.3.1)
|
|
cbor (~> 0.5.9)
|
|
openssl-signature_algorithm (~> 1.0)
|
|
countries (7.0.0)
|
|
unaccent (~> 0.3)
|
|
crack (1.0.0)
|
|
bigdecimal
|
|
rexml
|
|
crass (1.0.6)
|
|
cuprite (0.15.1)
|
|
capybara (~> 3.0)
|
|
ferrum (~> 0.15.0)
|
|
date (3.4.1)
|
|
diff-lcs (1.5.1)
|
|
docile (1.4.1)
|
|
drb (2.2.1)
|
|
ed25519 (1.3.0)
|
|
erubi (1.13.0)
|
|
excon (1.2.2)
|
|
faraday (2.12.1)
|
|
faraday-net_http (>= 2.0, < 3.5)
|
|
json
|
|
logger
|
|
faraday-net_http (3.4.0)
|
|
net-http (>= 0.5.0)
|
|
faraday-retry (2.2.1)
|
|
faraday (~> 2.0)
|
|
ferrum (0.15)
|
|
addressable (~> 2.5)
|
|
concurrent-ruby (~> 1.1)
|
|
webrick (~> 1.7)
|
|
websocket-driver (~> 0.7)
|
|
ffi (1.17.0-aarch64-linux-gnu)
|
|
ffi (1.17.0-aarch64-linux-musl)
|
|
ffi (1.17.0-arm64-darwin)
|
|
ffi (1.17.0-x86_64-darwin)
|
|
ffi (1.17.0-x86_64-linux-gnu)
|
|
ffi (1.17.0-x86_64-linux-musl)
|
|
ffi-compiler (1.3.2)
|
|
ffi (>= 1.15.5)
|
|
rake
|
|
foreman (0.88.1)
|
|
hashdiff (1.1.2)
|
|
hashery (2.1.2)
|
|
i18n (1.14.6)
|
|
concurrent-ruby (~> 1.0)
|
|
jmespath (1.6.2)
|
|
json (2.8.2)
|
|
json_schema (0.21.0)
|
|
base64
|
|
jwt (2.9.3)
|
|
base64
|
|
language_server-protocol (3.17.0.3)
|
|
lint_roller (1.1.0)
|
|
logger (1.6.2)
|
|
loofah (2.23.1)
|
|
crass (~> 1.0.2)
|
|
nokogiri (>= 1.12.0)
|
|
mail (2.8.1)
|
|
mini_mime (>= 0.1.1)
|
|
net-imap
|
|
net-pop
|
|
net-smtp
|
|
matrix (0.4.2)
|
|
method_source (1.1.0)
|
|
mini_mime (1.1.5)
|
|
minitest (5.25.2)
|
|
net-http (0.6.0)
|
|
uri
|
|
net-imap (0.5.1)
|
|
date
|
|
net-protocol
|
|
net-pop (0.1.2)
|
|
net-protocol
|
|
net-protocol (0.2.2)
|
|
timeout
|
|
net-smtp (0.5.0)
|
|
net-protocol
|
|
net-ssh (7.3.0)
|
|
netaddr (2.0.6)
|
|
nio4r (2.7.4)
|
|
nokogiri (1.16.8-aarch64-linux)
|
|
racc (~> 1.4)
|
|
nokogiri (1.16.8-arm64-darwin)
|
|
racc (~> 1.4)
|
|
nokogiri (1.16.8-x86_64-darwin)
|
|
racc (~> 1.4)
|
|
nokogiri (1.16.8-x86_64-linux)
|
|
racc (~> 1.4)
|
|
octokit (9.2.0)
|
|
faraday (>= 1, < 3)
|
|
sawyer (~> 0.9)
|
|
openapi_parser (2.2.1)
|
|
openssl (3.2.0)
|
|
openssl-signature_algorithm (1.3.0)
|
|
openssl (> 2.0)
|
|
pagerduty (4.0.1)
|
|
parallel (1.26.3)
|
|
parallel_tests (4.7.2)
|
|
parallel
|
|
parser (3.3.6.0)
|
|
ast (~> 2.4.1)
|
|
racc
|
|
pdf-core (0.10.0)
|
|
pdf-reader (2.13.0)
|
|
Ascii85 (>= 1.0, < 3.0, != 2.0.0)
|
|
afm (~> 0.2.1)
|
|
hashery (~> 2.0)
|
|
ruby-rc4
|
|
ttfunk
|
|
pg (1.5.9)
|
|
prawn (2.5.0)
|
|
matrix (~> 0.4)
|
|
pdf-core (~> 0.10.0)
|
|
ttfunk (~> 1.8)
|
|
prawn-table (0.2.2)
|
|
prawn (>= 1.3.0, < 3.0.0)
|
|
prettier_print (1.2.1)
|
|
pry (0.14.2)
|
|
coderay (~> 1.1)
|
|
method_source (~> 1.0)
|
|
pry-byebug (3.10.1)
|
|
byebug (~> 11.0)
|
|
pry (>= 0.13, < 0.15)
|
|
public_suffix (6.0.1)
|
|
puma (6.5.0)
|
|
nio4r (~> 2.0)
|
|
racc (1.8.1)
|
|
rack (3.1.8)
|
|
rack-test (2.1.0)
|
|
rack (>= 1.3)
|
|
rack-unreloader (2.1.0)
|
|
rackup (2.2.1)
|
|
rack (>= 3)
|
|
rails-dom-testing (2.2.0)
|
|
activesupport (>= 5.0.0)
|
|
minitest
|
|
nokogiri (>= 1.6)
|
|
rails-html-sanitizer (1.6.1)
|
|
loofah (~> 2.21)
|
|
nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
|
|
rainbow (3.1.1)
|
|
rake (13.2.1)
|
|
refrigerator (1.7.0)
|
|
regexp_parser (2.9.2)
|
|
rexml (3.3.9)
|
|
roda (3.86.0)
|
|
rack
|
|
rodauth (2.37.0)
|
|
roda (>= 2.6.0)
|
|
sequel (>= 4)
|
|
rotp (6.3.0)
|
|
rqrcode (2.2.0)
|
|
chunky_png (~> 1.0)
|
|
rqrcode_core (~> 1.0)
|
|
rqrcode_core (1.2.0)
|
|
rspec (3.13.0)
|
|
rspec-core (~> 3.13.0)
|
|
rspec-expectations (~> 3.13.0)
|
|
rspec-mocks (~> 3.13.0)
|
|
rspec-core (3.13.2)
|
|
rspec-support (~> 3.13.0)
|
|
rspec-expectations (3.13.3)
|
|
diff-lcs (>= 1.2.0, < 2.0)
|
|
rspec-support (~> 3.13.0)
|
|
rspec-mocks (3.13.2)
|
|
diff-lcs (>= 1.2.0, < 2.0)
|
|
rspec-support (~> 3.13.0)
|
|
rspec-support (3.13.1)
|
|
rubocop (1.68.0)
|
|
json (~> 2.3)
|
|
language_server-protocol (>= 3.17.0)
|
|
parallel (~> 1.10)
|
|
parser (>= 3.3.0.2)
|
|
rainbow (>= 2.2.2, < 4.0)
|
|
regexp_parser (>= 2.4, < 3.0)
|
|
rubocop-ast (>= 1.32.2, < 2.0)
|
|
ruby-progressbar (~> 1.7)
|
|
unicode-display_width (>= 2.4.0, < 3.0)
|
|
rubocop-ast (1.36.2)
|
|
parser (>= 3.3.1.0)
|
|
rubocop-capybara (2.21.0)
|
|
rubocop (~> 1.41)
|
|
rubocop-erb (0.5.4)
|
|
better_html
|
|
rubocop (~> 1.45)
|
|
rubocop-performance (1.22.1)
|
|
rubocop (>= 1.48.1, < 2.0)
|
|
rubocop-ast (>= 1.31.1, < 2.0)
|
|
rubocop-rake (0.6.0)
|
|
rubocop (~> 1.0)
|
|
rubocop-rspec (3.2.0)
|
|
rubocop (~> 1.61)
|
|
rubocop-sequel (0.3.7)
|
|
rubocop (~> 1.0)
|
|
ruby-progressbar (1.13.0)
|
|
ruby-rc4 (0.1.5)
|
|
safety_net_attestation (0.4.0)
|
|
jwt (~> 2.0)
|
|
sawyer (0.9.2)
|
|
addressable (>= 2.3.5)
|
|
faraday (>= 0.17.3, < 3)
|
|
securerandom (0.3.2)
|
|
sequel (5.87.0)
|
|
bigdecimal
|
|
sequel-annotate (1.7.0)
|
|
sequel (>= 4)
|
|
sequel_pg (1.17.1)
|
|
pg (>= 0.18.0, != 1.2.0)
|
|
sequel (>= 4.38.0)
|
|
simplecov (0.22.0)
|
|
docile (~> 1.1)
|
|
simplecov-html (~> 0.11)
|
|
simplecov_json_formatter (~> 0.1)
|
|
simplecov-html (0.13.1)
|
|
simplecov_json_formatter (0.1.4)
|
|
smart_properties (1.17.0)
|
|
standard (1.42.1)
|
|
language_server-protocol (~> 3.17.0.2)
|
|
lint_roller (~> 1.0)
|
|
rubocop (~> 1.68.0)
|
|
standard-custom (~> 1.0.0)
|
|
standard-performance (~> 1.5)
|
|
standard-custom (1.0.2)
|
|
lint_roller (~> 1.0)
|
|
rubocop (~> 1.50)
|
|
standard-performance (1.5.0)
|
|
lint_roller (~> 1.1)
|
|
rubocop-performance (~> 1.22.0)
|
|
stripe (12.6.0)
|
|
syntax_tree (6.2.0)
|
|
prettier_print (>= 1.2.0)
|
|
tilt (2.4.0)
|
|
timeout (0.4.2)
|
|
tpm-key_attestation (0.12.1)
|
|
bindata (~> 2.4)
|
|
openssl (> 2.0)
|
|
openssl-signature_algorithm (~> 1.0)
|
|
ttfunk (1.8.0)
|
|
bigdecimal (~> 3.1)
|
|
turbo_tests (2.2.4)
|
|
parallel_tests (>= 3.3.0, < 5)
|
|
rspec (>= 3.10)
|
|
tzinfo (2.0.6)
|
|
concurrent-ruby (~> 1.0)
|
|
unaccent (0.4.0)
|
|
unicode-display_width (2.6.0)
|
|
uri (1.0.2)
|
|
warning (1.4.0)
|
|
webauthn (3.2.2)
|
|
android_key_attestation (~> 0.3.0)
|
|
bindata (~> 2.4)
|
|
cbor (~> 0.5.9)
|
|
cose (~> 1.1)
|
|
openssl (>= 2.2)
|
|
safety_net_attestation (~> 0.4.0)
|
|
tpm-key_attestation (~> 0.12.0)
|
|
webmock (3.24.0)
|
|
addressable (>= 2.8.0)
|
|
crack (>= 0.3.2)
|
|
hashdiff (>= 0.4.0, < 2.0.0)
|
|
webrick (1.9.0)
|
|
websocket-driver (0.7.6)
|
|
websocket-extensions (>= 0.1.0)
|
|
websocket-extensions (0.1.5)
|
|
xpath (3.2.0)
|
|
nokogiri (~> 1.8)
|
|
|
|
PLATFORMS
|
|
aarch64-linux
|
|
aarch64-linux-musl
|
|
arm64-darwin-22
|
|
arm64-darwin-23
|
|
arm64-darwin-24
|
|
x86_64-darwin-20
|
|
x86_64-darwin-23
|
|
x86_64-linux
|
|
x86_64-linux-musl
|
|
|
|
DEPENDENCIES
|
|
acme-client (~> 2.0)
|
|
argon2
|
|
argon2-kdf
|
|
awesome_print
|
|
aws-sdk-s3 (~> 1.175)
|
|
bcrypt_pbkdf
|
|
brakeman
|
|
by (>= 1.1.0)
|
|
capybara
|
|
committee
|
|
countries
|
|
cuprite
|
|
ed25519
|
|
erb-formatter!
|
|
erubi (>= 1.5)
|
|
excon
|
|
foreman
|
|
jwt
|
|
mail
|
|
net-ssh
|
|
netaddr
|
|
nokogiri
|
|
octokit
|
|
pagerduty (>= 4.0)
|
|
pdf-reader
|
|
prawn (~> 2.5)
|
|
prawn-table (~> 0.2.2)
|
|
pry
|
|
pry-byebug
|
|
puma (>= 6.2.2)
|
|
rack-unreloader (>= 1.8)
|
|
rackup
|
|
rake
|
|
refrigerator (>= 1)
|
|
roda (>= 3.86)
|
|
rodauth (>= 2.37)
|
|
rotp
|
|
rqrcode
|
|
rspec
|
|
rubocop-capybara
|
|
rubocop-erb
|
|
rubocop-performance
|
|
rubocop-rake
|
|
rubocop-rspec
|
|
rubocop-sequel
|
|
sequel (>= 5.87)
|
|
sequel-annotate
|
|
sequel_pg (>= 1.8)
|
|
simplecov
|
|
standard (>= 1.24.3)
|
|
stripe
|
|
tilt (>= 2.2)
|
|
turbo_tests
|
|
warning
|
|
webauthn (~> 3.2)
|
|
webmock
|
|
|
|
RUBY VERSION
|
|
ruby 3.2.6p234
|
|
|
|
BUNDLED WITH
|
|
2.5.17
|