safeguard against accidentally using a remote DATABASE_URL

2018-03-17 17:30:51 +01:00 · 2018-03-17 17:30:51 +01:00 · 89cf05b0d3
parent bdd3537d60
commit 89cf05b0d3
3 changed files with 64 additions and 0 deletions
--- a/lib/database_cleaner/base.rb
+++ b/lib/database_cleaner/base.rb
@ -1,4 +1,5 @@
 require 'database_cleaner/null_strategy'
+require 'database_cleaner/safeguard'
 module DatabaseCleaner
  class Base
    include Comparable
@ -15,6 +16,7 @@ module DatabaseCleaner
      end
      self.db = opts[:connection] || opts[:model] if opts.has_key?(:connection) || opts.has_key?(:model)
      set_default_orm_strategy
+      Safeguard.new.run
    end

    def db=(desired_db)
--- a/lib/database_cleaner/safeguard.rb
+++ b/lib/database_cleaner/safeguard.rb
@ -0,0 +1,21 @@
+module DatabaseCleaner
+  DatabaseUrlSpecified = Class.new(Exception)
+
+  class Safeguard
+    def run
+      return if skip?
+      raise DatabaseUrlSpecified if env_db_url?
+    end
+
+    private
+
+      def env_db_url?
+        url = ENV['DATABASE_URL']
+        url && !url.include?('localhost')
+      end
+
+      def skip?
+        !!ENV['DATABASE_CLEANER_SKIP_SAFEGUARD']
+      end
+  end
+end
--- a/spec/database_cleaner/safeguard_spec.rb
+++ b/spec/database_cleaner/safeguard_spec.rb
@ -0,0 +1,41 @@
+require 'spec_helper'
+require 'active_record'
+require 'database_cleaner/active_record/transaction'
+
+module DatabaseCleaner
+  describe Safeguard do
+    let(:strategy) { DatabaseCleaner::ActiveRecord::Transaction }
+    let(:cleaner)  { Base.new(:autodetect) }
+
+    before { allow_any_instance_of(strategy).to receive(:start) }
+
+    describe 'DATABASE_URL is set' do
+      describe 'to any value' do
+        before { ENV['DATABASE_URL'] = 'postgres://remote.host' }
+        after  { ENV.delete('DATABASE_URL') }
+
+        it 'raises DatabaseUrlSpecified' do
+          expect { cleaner.start }.to raise_error(DatabaseUrlSpecified)
+        end
+      end
+
+      describe 'to a local url' do
+        before { ENV['DATABASE_URL'] = 'postgres://localhost' }
+        after  { ENV.delete('DATABASE_URL') }
+
+        it 'does not raise' do
+          expect { cleaner.start }.to_not raise_error
+        end
+      end
+
+      describe 'DATABASE_CLEANER_SKIP_SAFEGUARD is set' do
+        before { ENV['DATABASE_CLEANER_SKIP_SAFEGUARD'] = 'true' }
+        after  { ENV.delete('DATABASE_CLEANER_SKIP_SAFEGUARD') }
+
+        it 'does not raise' do
+          expect { cleaner.start }.to_not raise_error
+        end
+      end
+    end
+  end
+end