Address rubocop and brakeman issues

rsmithlal · rsmithlal · commit 4d34092294d1 · 2024-06-10T20:17:32.000-02:30
diff --git a/app/controllers/better_together/pages_controller.rb b/app/controllers/better_together/pages_controller.rb
@@ -30,7 +30,7 @@ def create
       authorize @page
 
       if @page.save
-        redirect_to @page, notice: 'Page was successfully created.'
+        redirect_to safe_page_redirect_url, notice: 'Page was successfully created.'
       else
         render :new
       end
@@ -44,7 +44,7 @@ def update
       authorize @page
 
       if @page.update(page_params)
-        redirect_to @page, notice: 'Page was successfully updated.'
+        redirect_to safe_page_redirect_url, notice: 'Page was successfully updated.'
       else
         render :edit
       end
@@ -58,6 +58,22 @@ def destroy
 
     private
 
+    def page
+      path = params[:path]
+      id_param = path.present? ? path : params[:id]
+
+      @page ||= ::BetterTogether::Page.friendly.find(id_param)
+    end
+    
+    def safe_page_redirect_url
+      if page
+        url = url_for(page)
+        return url if url.start_with?(root_url)
+      end
+
+      root_url # Fallback to a safe URL if the original is not safe
+    end
+
     def set_page
       path = params[:path]
       id_param = path.present? ? path : params[:id]
diff --git a/spec/dummy/config/environments/production.rb b/spec/dummy/config/environments/production.rb
@@ -82,7 +82,7 @@
   config.active_support.report_deprecations = false
 
   # Use default logging formatter so that PID and timestamp are not suppressed.
-  config.log_formatter = ::Logger::Formatter.new
+  config.log_formatter = Logger::Formatter.new
 
   # Use a different logger for distributed setups.
   # require "syslog/logger"
diff --git a/spec/dummy/config/initializers/asset_sync.rb b/spec/dummy/config/initializers/asset_sync.rb
@@ -4,16 +4,16 @@
   AssetSync.configure do |config|
     config.fog_provider = 'AWS'
 
-    config.aws_access_key_id = ENV['AWS_ACCESS_KEY_ID']
-    config.aws_secret_access_key = ENV['AWS_SECRET_ACCESS_KEY']
+    config.aws_access_key_id = ENV.fetch('AWS_ACCESS_KEY_ID', nil)
+    config.aws_secret_access_key = ENV.fetch('AWS_SECRET_ACCESS_KEY', nil)
 
     config.aws_session_token = ENV['AWS_SESSION_TOKEN'] if ENV.key?('AWS_SESSION_TOKEN')
 
     # Ensure that aws_iam_roles is set to false if not explicitly required
     config.aws_iam_roles = ENV['AWS_IAM_ROLES'] == 'true'
 
-    config.fog_directory = ENV['FOG_DIRECTORY']
-    config.fog_region = ENV['FOG_REGION']
+    config.fog_directory = ENV.fetch('FOG_DIRECTORY', nil)
+    config.fog_region = ENV.fetch('FOG_REGION', nil)
 
     # Additional configurations (commented out by default)
     # config.aws_reduced_redundancy = true
diff --git a/spec/dummy/config/initializers/sidekiq.rb b/spec/dummy/config/initializers/sidekiq.rb
@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
 Sidekiq.configure_server do |config|
-  config.redis = { url: ENV['REDIS_URL'] }
+  config.redis = { url: ENV.fetch('REDIS_URL', nil) }
 end
 
 Sidekiq.configure_client do |config|
-  config.redis = { url: ENV['REDIS_URL'] }
+  config.redis = { url: ENV.fetch('REDIS_URL', nil) }
 end
