faker
faker copied to clipboard
faker-ruby
fix: add a config to force Faker::Internet generates .example domain
Thanks for the review @Zeragamba
I will fix the conflict now we have to store the config into the current thread, right?
Pinging the rest of the @faker-ruby/core-contributors to double check if we should have the new internet_safe_mode feature introduced by this PR enabled by default, and if that would require a major version change. This new feature sanitizes urls to use the .example TLD, ensuring any emails sent will not be delivered to a real human. See #2506 for the original issue.
I think this should be enabled by default, and only require a minor change. This is for a few reasons: Protects people from spam sooner then later; because the overal content of the generators will not change (other then the TLD); and because best practice should be to use .test or .example in test environments which Faker is primarily used in.
[...] now we have to store the config into the current thread, right? That would be good to do 👍
@Zeragamba you said that
Pinging the rest of the https://github.com/orgs/faker-ruby/teams/core-contributors to double check if we should have the new internet_safe_mode feature introduced by this PR enabled by default, and if that would require a major version change. This new feature sanitizes urls to use the .example TLD, ensuring any emails sent will not be delivered to a real human
so do I have to wait for a comment from the faker core contributor first?
Hmm... I just noticed that internet_safe mode just replaces the TLD on all addresses (We should open another PR to rename suffix to tld to make that more clear) which would not be my expectation for an internet safe mode.
I would expect for a safe mode to ensure that any address generated will always have either .example as a TLD or example as the domain name. Eg. example.org, example.com, foobar.example, and fizzbuzz.local are all internet safe addresses. If the sanitize method needs to change it, it should swap the domain for example. (eg: foobar.org => example.org)
For generators like domain_suffix / tld, these should still pull from the full list of TLDs as they're relatively harmless on their own. email, free_email, domain_name, url, should get all their outputs sanitized
We should also extend safe mode to include IP addresses as well (enforcing an 127.0.0.0/8 or ::ffff:0:0/96 address in safe mode)
you're right @Zeragamba
this PR will change all TLDs to be .example actually
I will change the domain name instead when the safe_mode is enabled
Hi @stefannibrasil
the intention why I adding the Faker::Config.internet_safe_mode? method is to make the API more readable
so there are two new methods on the Config module
-
internet_safe_mode= -
internet_safe_mode#=> boolean
what do you think?
@Zeragamba @stefannibrasil when the safe mode is active, the domain: 'xxx' argument in some methods will return xxx.com or is forced to example.com, for example, see https://github.com/faker-ruby/faker/pull/2506/files#diff-e513ba540bcef7dd08acead8bbc48b429c753de46d5d1fea9d72bf20c9ec43b1R459 ?
however this PR is still WIP
I think for arguments where the user specifies a domain, we should use that domain and not sanitize it. We can probably asume the user will specify a testing domain.
We're mainly concerned here with accidently generating a valid email address by default, but still want to get out of the way if the user is being specific about what they want to generate.
Also, sorry for the PR rename. Didn't realize that Github has a seperate draft state for PRs. Coming over here from GitLab which uses the draft: or wip: prefix to set that.
I just checked, I found that method #email just accepts domain argument, there is no domain_suffix argument
if we use email(domain: 'hello'), it would generate hello.com, hello.org, etc
so it means even the user won't able to specify specific domain like gmail-staging.com
email(domain: "gmail-staging.com") # => [email protected]
there are two methods that have domain argument, which are:
- domain_name
the intention why I adding the
Faker::Config.internet_safe_mode?method is to make the API more readable so there are two new methods on the Config module
I got it now, thanks for the clarification.
We're mainly concerned here with accidently generating a valid email address by default, but still want to get out of the way if the user is being specific about what they want to generate.
Isn't that the reason why safe_mode = false will still be available, for users to specify their test domains? From my understanding, when we enable safe_mode, we want all domains to be example. So, it makes sense to me to not even consider having the option of passing a custom domain. Or I am missing something here? :thinking:
when the safe mode is enabled, the domain: arg should be ignored I think
but it would make many test cases fail
any app that uses Faker and asserting the domain will fail
for an example:
expect(user.email(domain: "gmail.com")).to eq("[email protected]") # this will fail, because user's email is [email protected]
I feel like it's more productive to move the discussion to the issue. What do you think @saiqulhaq ?
There are lots of unknowns here. I find it hard to review, and measure the impact of a change that is not clear. There are new discussions in the issue, so I will post some thoughts here #2431
Would you be okay with closing this PR for now and reopening when we have a clear description of what's to be done? It would help with prioritizing work that is actively being worked on, and have a clear outcome. Thanks!