lthompson/APPEALS-50152 #23498

Open
wants to merge 1 commit into
base: feature/APPEALS-47217-added-tests

@lauren-e-thompson lauren-e-thompson commented Nov 14, 2024

Resolves APPEALS-50152

Description

As a Caseflow developer, I need to write a k6 Test Case so that endpoints can perform validations.

Acceptance Criteria

  • k6 test is written to target /reader/appeal/:uuid
  • k6 test is written to target /reader/appeal/:uuid/documents
  • k6 test is written to target /idt/api/v1/upload_document
  • k6 test is written to target /idt/api/v1/addresses/validate
  • k6 test is written to target /idt/api/v1/appeals
  • k6 test is written to target /idt/api/v1/appeals/:uuid
  • k6 test is written to target /appeals/:uuid/tasks
  • k6 test is written to target /decision_reviews/vha
  • k6 test is written to target /api/v2/appeals
  • The tests are written so that endpoints can perform in accordance with our SLOs under normal system load
  • The tests are written so that the load for each endpoint is obtained via Dynatrace metrics
  • 1-2 checks are added for each endpoint to ensure that they are processing requests properly.

Testing Plan

  1. Go to APPEALS-64698

@@ -6,6 +6,7 @@
require "base64"
class Test::LoadTestsController < ApplicationController
before_action :check_environment
skip_before_action :verify_authenticity_token
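
Review bot: The class-level `skip_before_action :verify_authenticity_token` carries no `only:` or `except:` option, so it turns off CSRF verification for every action in `Test::LoadTestsController`. If the load-test requests cannot carry an authenticity token, narrow the skip with `only:` to the specific actions that need it and say why in a comment; otherwise drop the line. The only other guard visible here is `before_action :check_environment`, whose body is not in this hunk, so confirm it rejects requests in production before relying on it.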

Check failure

Code scanning / CodeQL

CSRF protection weakened or disabled High test

Potential CSRF vulnerability due to forgery protection being disabled or weakened.

Copilot Autofix AI about 8 hours ago

To fix the problem, we need to re-enable CSRF protection for the LoadTestsController. This can be done by removing the skip_before_action :verify_authenticity_token line. This change will ensure that all actions within this controller require a valid CSRF token, thereby protecting against CSRF attacks.

Suggested changeset 1
app/controllers/test/load_tests_controller.rb

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/app/controllers/test/load_tests_controller.rb b/app/controllers/test/load_tests_controller.rb
--- a/app/controllers/test/load_tests_controller.rb
+++ b/app/controllers/test/load_tests_controller.rb
@@ -8,3 +8,3 @@
   before_action :check_environment
-  skip_before_action :verify_authenticity_token
+
 
EOF
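
Review bot: The replacement `+` line is empty, so applying this patch leaves a stray blank line after `before_action :check_environment`; delete the `skip_before_action` line outright instead of swapping it for whitespace. With the skip gone, non-GET requests to this controller need a valid authenticity token, so check that the k6 scripts obtain and send one before merging.
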
@@ -8,3 +8,3 @@
before_action :check_environment
skip_before_action :verify_authenticity_token


Copilot is powered by AI and may make mistakes. Always verify output.

This line needs to be removed


@msteele96 msteele96 left a comment


Resolve CodeQL and merge conflicts before I can review this

@@ -6,6 +6,7 @@
require "base64"
class Test::LoadTestsController < ApplicationController
before_action :check_environment
skip_before_action :verify_authenticity_token

This line needs to be removed


All additions to this file need to be redone. You need to pull latest from this feature and resolve conflicts. There is a new pattern that needs to be followed.
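
The pattern CodeQL flagged in this thread can also be caught before review with a small source check. The following is an added example, not part of the pull request or the Caseflow code base; the sample controller sources are constructed, and `ExampleHooksController` and its `receive` action are hypothetical names.

```ruby
# Added example, not Caseflow code: report where a controller disables
# Rails CSRF verification and whether the skip is limited by an option.
CSRF_SKIP = /^\s*(?:skip_before_action\s+:verify_authenticity_token|skip_forgery_protection)\b(?<opts>.*)$/

# Returns one hash per skip: { line:, scope:, text: }.
# scope is :all_actions when no only:/except:/if:/unless: option follows.
def csrf_skip_findings(source)
  findings = []
  source.each_line.with_index(1) do |line, number|
    code = line.sub(/#.*$/, "") # drop comments (naive: ignores '#' inside strings)
    match = CSRF_SKIP.match(code)
    next unless match

    scoped = match[:opts].match?(/\b(?:only|except|if|unless):/)
    findings << { line: number, scope: scoped ? :scoped : :all_actions, text: code.strip }
  end
  findings
end

# Constructed sample, modelled on the lines shown in the hunk above.
UNSCOPED = <<~SRC
  class Test::LoadTestsController < ApplicationController
    before_action :check_environment
    skip_before_action :verify_authenticity_token
  end
SRC

# Constructed sample: hypothetical controller with a commented-out skip
# and a skip restricted to a single (hypothetical) action.
SCOPED = <<~SRC
  class ExampleHooksController < ApplicationController
    # skip_before_action :verify_authenticity_token
    skip_before_action :verify_authenticity_token, only: [:receive]
  end
SRC

{ "unscoped sample" => UNSCOPED, "scoped sample" => SCOPED }.each do |name, src|
  csrf_skip_findings(src).each do |f|
    puts "#{name}:#{f[:line]} [#{f[:scope]}] #{f[:text]}"
  end
end
```

A `:scoped` result still deserves a look, since `except:` can leave most actions unprotected; the check only separates blanket skips from ones that carry an option.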
