> Publishing this report to a website would handle that I think.
It would actually make the reporting mechanism a lot easier if we can publish the results to a website. I am currently working on a small prototype in golang. Currently the reports are being stored as artifacts on Github actions(only available for 90 days) but we can use services like Supabase etc to store our reports and present them on the website. Once we integrate supabase we can get rid of Github artifacts for good.
> One question, would this test harness detect and report potential security issues like XSS?
Security related tests were not added in the Gsoc timeline but we are planning to add them. Maybe when we add those tests we can create a separate section on the proposed website only available to some 'admins' with all these sensitive reports being displayed there.
We can actually benefit with some more discussion on this.
Regards,
Akshat Jaimini
> On 3 Oct 2023, at 21:30, Akshat Jaimini <destrex271@gmail.com> wrote:
> > That is, if it finds the same issue on a later run, it must not re-send the same thing. How does it work in regards to that today?
>
> As per the current flow whenever a new commit is pushed to the pgweb repo, the tests are executed. If some tests fail, an error report is sent with the information of all the failed tests. So if that particular issue has been resolved, the same report won't be sent but if some other commit is pushed without resolving that particular issue then that particular error will be reported again.
That doesn't seem terribly great, while bugs and errors should be fixed when
found, sending reports of them repeatedly risk reporting-fatigue. Publishing
this report to a website would handle that I think.
One question, would this test harness detect and report potential security
issues like XSS? If so we should probably limit the audience of the report..
--
Daniel Gustafsson