A Story of upgrading a gem:

Siva Gollapalli
Oct 25, 2021

Everyone knows about the GitHub Advisory Database. It is a database of the latest security vulnerabilities in open-source software. On March 9th it published an advisory for a timing attack in the activerecord-session_store gem, along with information about the fix. According to the advisory, we just needed to upgrade the gem to the latest version to avoid the vulnerability. So we upgraded to the latest version and pushed the change to a separate branch to make sure it didn't break anything. As standard practice, we run Jenkins CI on every code push.

We thought our build would pass, but to our surprise the build failed. We checked the build: a few test cases had failed, yet when we ran them they passed, which generally happens to developers 😆. The error was:

undefined method `silence' for #<Logger:0x00007fed3c87c590>

From the error we could see that the silence method was being called on a logger object, but the method doesn't exist on that object. The error came from the activerecord-session_store gem. To debug, I forked the gem, pointed my bundle at the fork on my GitHub account, and added some print statements to see the object details while the test cases ran. Unfortunately, that was no use.

After some googling I found that Rails uses ActiveSupport::Logger, which is a subclass of Ruby's Logger class. When I checked the gem code, the logger is defined as follows:

def logger
  ActiveRecord::Base.logger || NilLogger
end

As you can see, it returns ActiveRecord::Base.logger, which is nothing but an ActiveSupport::Logger. But our error reports an undefined method on a Ruby Logger object, not on an ActiveSupport::Logger. From this we can conclude that somewhere in the code we are setting ActiveRecord::Base.logger to a Ruby Logger. After searching through the code I found the following line:

ActiveRecord::Base.logger = Logger.new '/tmp/normalizer'

As you can see, this line sets the logger to a Ruby Logger instead of an ActiveSupport::Logger. So once this code runs in a test, any test cases running after it fail, because the logger is no longer an ActiveSupport::Logger, which is where the silence method is defined. So finally the fix is:

ActiveRecord::Base.logger = ActiveSupport::Logger.new '/tmp/normalizer'

So always try to configure things the Rails way instead of the plain Ruby way; you will face fewer problems in future upgrades.
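
The failure described above can be reproduced without Rails. The following is an added example, not code from the gem or from this post: SilenceableLogger and FakeBase are hypothetical stand-ins for ActiveSupport::Logger and ActiveRecord::Base, and assert_silenceable! is a hypothetical guard you could call wherever a test assigns the global logger.

```ruby
require 'logger'
require 'stringio'

# Hypothetical stand-in for ActiveSupport::Logger: a Logger subclass that
# adds `silence` (the real class does more; only this method matters here).
class SilenceableLogger < Logger
  def silence(severity = Logger::ERROR)
    old_level = level
    self.level = severity   # drop everything below `severity` ...
    yield self
  ensure
    self.level = old_level  # ... and restore the level afterwards
  end
end

# Hypothetical stand-in for ActiveRecord::Base: one process-wide logger slot.
module FakeBase
  class << self
    attr_accessor :logger
  end
end

# What the gem side does, per the error above: call `silence` on the global logger.
def save_session
  FakeBase.logger.silence { FakeBase.logger.info('session write') }
  :saved
end

# Hypothetical guard for test setup: reject a logger the gem cannot use.
def assert_silenceable!(logger)
  return logger if logger.respond_to?(:silence)
  raise TypeError, "#{logger.class} does not implement #silence"
end

# Constructed "suite": assign the global logger, then run the session "test".
# Returns :saved on success or the NoMethodError message on failure.
def run_suite(logger)
  FakeBase.logger = logger
  save_session
rescue NoMethodError => e
  e.message
end

if __FILE__ == $PROGRAM_NAME
  puts run_suite(SilenceableLogger.new(StringIO.new))
  puts run_suite(Logger.new(StringIO.new))
end
```

Because the logger is a single global slot, whichever test assigns it last decides whether later tests pass, which is why the failing tests passed when run on their own.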

Thanks for reading. Any suggestions are welcome!
