0

We are developing a project with spring framework. we are using a tomcat cluster and in order to do some really advanced integration tests we added some controllers to the web app that are allowing some risky stuff that must not reach the production.

What we learned is that in order to do so we can use spring profiles and annotate the risky controllers as with the 

@profile("Staging")

This annotation makes sure the bean will be created only when the active profile is "Staging".

Call me paranoid but this risky code now resides on our svn and is part of the project code. It seems that the slieghtest mistake can lead to this code be part of production and allowing risky actions for exploiters.

moreover if some programmer forgets to annotate the code will reach the production for sure. we all make mistakes.

Is there any mitigation for this issue?

Urbanleg
  • 6,252
  • 16
  • 76
  • 139

2 Answers2

0

I'll call you a bit paranoid. (wink) Hopefully you also have integration tests in your application, and they usually set up some of the environment - if they ever were to run in a production environment, they would probably screw up your database, send messages to other systems, etc. You you don't worry about that. Why? Maybe you can use the answer to that to answer how you should package those risky pieces of code.

My suggestion: keep all the risky code in a single module (if you are using a multi-module build). Don't include this module in the production build (you can use maven profiles for that)

Or.. let the code check for itself whether it is allowed to run. Perhaps it can check for the presence of a certain file on the file system that you only create in your test environment.

It depends really on what you worry about.

But it is good to think about it. I know stories where load testing resulted in many orders being placed in an actual (external) order processing system.

Erwin Bolwidt
  • 30,799
  • 15
  • 56
  • 79
0

The mistake you are speaking about is adding staging to list of active profiles. Yes, it is easy to do this. However it is easy to remove files from file system format the hard disk and turn the electricity off. So, your question really sounds as a kind of paranoia... :)

I think that the problem is not in Spring profiles but in your development methodology. If you are not sure in some code it should not be in production at all. How to achieve this? Move from svn to git. And start using branches. Each task is a branch. Without exceptions. Each task must be tested. So you can deploy every branch you want to staging, test it and when you are sure that the code is ok merge/rebase it to master. Master should be tested as well, and then can be deployed to production.

In this case you do not need profile "staging".

AlexR
  • 114,158
  • 16
  • 130
  • 208