chore(ci): fix lint, brakeman, and test command (#34)

bstruong · web-flow · commit 283e9842b77c · 2026-05-11T15:45:58.000-07:00
* chore(ci): fix lint, brakeman, and test command - Rubocop: auto-corrected Layout/HashAlignment in ConnectionScoreCalculator and its spec. - Brakeman: rewrote Person.with_upcoming_events to use integer-encoded month*100+day instead of an interpolated tuple IN clause. Same semantics, no string interpolation, resolves the weak SQL-injection warning. - CI test job: project uses RSpec; switched the runner from �[1mUnrecognized command "test" (�[1;4mRails::Command::UnrecognizedCommandError�[m�[1m)�[m (Minitest) to /home/brian/.rbenv/versions/3.4.8/bin/ruby -I/home/brian/.rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/rspec-core-3.13.6/lib:/home/brian/.rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/rspec-support-3.13.7/lib /home/brian/.rbenv/versions/3.4.8/lib/ruby/gems/3.4.0/gems/rspec-core-3.13.6/exe/rspec --pattern spec/\*\*\{,/\*/\*\*\}/\*_spec.rb ............................*........................................................................................................ Pending: (Failures listed here are expected and do not affect your suite's status) 1) User add some examples to (or delete) /home/brian/projects/saber/spec/models/user_spec.rb # Not yet implemented # ./spec/models/user_spec.rb:4 Finished in 0.62195 seconds (files took 0.32583 seconds to load) 133 examples, 0 failures, 1 pending. These checks have been failing since M5; M5 backend likely merged via admin bypass. Landing this first so M6 frontend PR #33 can rebase onto green main. * chore(deps): bump nokogiri 1.19.2 → 1.19.3 - Patches GHSA-c4rq-3m3g-8wgx (High, CSS selector tokenizer regex backtracking) and GHSA-v2fc-qm4h-8hqv (Medium, XSLT memory leak). - Surfaced by `bin/bundler-audit` in the scan_ruby CI job, which was already failing alongside the other three issues in this PR. - Transitive update only — no `Gemfile` change.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -20,10 +20,10 @@ jobs:
 
       - name: Scan for common Rails security vulnerabilities using static analysis
         run: bin/brakeman --no-pager
-      
+
       - name: Scan for known security vulnerabilities in gems used
         run: bin/bundler-audit
-      
+
   lint:
     runs-on: ubuntu-latest
     env:
@@ -87,4 +87,6 @@ jobs:
           DATABASE_URL: postgres://postgres:postgres@localhost:5432
           # RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
           # REDIS_URL: redis://localhost:6379/0
-        run: bin/rails db:test:prepare test
+        run: |
+          bin/rails db:test:prepare
+          bin/rails spec
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -173,17 +173,17 @@ GEM
       net-protocol
     net-ssh (7.3.2)
     nio4r (2.7.5)
-    nokogiri (1.19.2-aarch64-linux-gnu)
+    nokogiri (1.19.3-aarch64-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.19.2-aarch64-linux-musl)
+    nokogiri (1.19.3-aarch64-linux-musl)
       racc (~> 1.4)
-    nokogiri (1.19.2-arm-linux-gnu)
+    nokogiri (1.19.3-arm-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.19.2-arm-linux-musl)
+    nokogiri (1.19.3-arm-linux-musl)
       racc (~> 1.4)
-    nokogiri (1.19.2-x86_64-linux-gnu)
+    nokogiri (1.19.3-x86_64-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.19.2-x86_64-linux-musl)
+    nokogiri (1.19.3-x86_64-linux-musl)
       racc (~> 1.4)
     orm_adapter (0.5.0)
     ostruct (0.6.3)
diff --git a/app/models/person.rb b/app/models/person.rb
@@ -25,10 +25,9 @@ class Person < ApplicationRecord
 
   scope :with_upcoming_events, -> {
     today = Date.today
-    upcoming = (today...(today + UPCOMING_DAYS_WINDOW)).map { |d| [ d.month, d.day ] }
-    placeholders = upcoming.map { "(?, ?)" }.join(", ")
+    upcoming_keys = (today...(today + UPCOMING_DAYS_WINDOW)).map { |day| day.month * 100 + day.day }
     joins(:important_dates)
-      .where("(important_dates.month, important_dates.day) IN (#{placeholders})", *upcoming.flatten)
+      .where("important_dates.month * 100 + important_dates.day IN (?)", upcoming_keys)
       .distinct
   }
 
diff --git a/app/services/connection_score_calculator.rb b/app/services/connection_score_calculator.rb
@@ -1,10 +1,10 @@
 class ConnectionScoreCalculator
   RING_SCORE = {
-    "inner_circle"  => 4,
-    "network"       => 3,
-    "community"     => 2,
+    "inner_circle" => 4,
+    "network" => 3,
+    "community" => 2,
     "acquaintances" => 1,
-    "stranger"      => 1
+    "stranger" => 1
   }.freeze
 
   TWO_WEEKS = 14
diff --git a/spec/services/connection_score_calculator_spec.rb b/spec/services/connection_score_calculator_spec.rb
@@ -3,11 +3,11 @@
 RSpec.describe ConnectionScoreCalculator do
   def baseline_person(**overrides)
     create(:person,
-      ring:                 :stranger,
-      score_source:         :manual,
-      importance_score:     1,
-      reciprocity_score:    1,
-      shared_values_score:  1,
+      ring:                :stranger,
+      score_source:        :manual,
+      importance_score:    1,
+      reciprocity_score:   1,
+      shared_values_score: 1,
       **overrides
     )
   end
