Privacy/Security concern: make it clear that a report file is uploaded to https://semaphoreci.com/

thromera commented 4 years ago

I was exploring the codebase of this gem, and I noticed the module InsightsUploader, which uploads a report file to https://semaphoreci.com. (https://github.com/renderedtext/test-boosters/blob/master/lib/test_boosters/insights_uploader.rb#L20 )

If we focus only on the RSpec generated reports, the formatter adds all text contained in the "examples", AND the comments below the examples. Example:

context 'my first context' do
  # This is a comment to explain my test 
  it 'does something' do
  end
end

reports

# Not sure of the finale uploaded file, it's basically a custom RSpec formatter. 
{
  context: {
    text: 'my first context',
    childs: [{
      it: {
        comment: 'This is a comment to explain my test',
        text: 'does something'
      }
    }]
  }
}

Reporting might be fine, as long as:

It is explicit for the user that data is being used, what data is exported, what's the point of exporting that data
there is an option to disable the reporting.

pboling commented 3 years ago

@renderedtext Please consider this issue.

pboling commented 3 years ago

Of note for future searchers of the web: there is a way to disable this on any systemd-compatible environment:

            mkdir -p $HOME/.local/bin
            touch $HOME/.local/bin/http && chmod +x $HOME/.local/bin/http

renderedtext / test-boosters

Privacy/Security concern: make it clear that a report file is uploaded to https://semaphoreci.com/ #74