Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Security Rules Unit Testing Pipeline Integratio...

Firebase Thailand
April 01, 2023
Technology
0
110

Security Rules Unit Testing Pipeline Integration for Firestore

Making sure the quality of our apps and web to be stable all the time would be challenging especially for critical issue such as security rules, here we will talk about how developers can integrate their security rules for cloud firestore within a pipeline integration for continuous deployment for a modern web application. We will get to know about Firebase Security Rules, Firebase Rules Testing Library. Firebase Emulator Suite, Cloud Firestore and Github Pipeline Integration.

Firebase Thailand

April 01, 2023
Tweet

More Decks by Firebase Thailand

See All by Firebase Thailand
What's New in Firebase 2024
firebasethailand
1
180
Adding New Capabilities to Your Apps with Firebase and Gemini API
firebasethailand
1
150
Say Hello to Cloud Functions for Firebase 2nd Gen
firebasethailand
1
330
What's New in Firebase 2023
firebasethailand
3
560
Building a more Efficient Firestore Web App
firebasethailand
1
170
Developing with Firebase - Best Practices
firebasethailand
0
170
Analyze your production issue on Firebase Crashlytics more efficient with BigQuery
firebasethailand
0
330
What I learn from Firebase when build Saifah
firebasethailand
0
120
Building Simple Collaborative Online IDE with AngularFire and Firepad
firebasethailand
0
100

Other Decks in Technology

See All in Technology
新卒1年目が向き合う生成AI事業の開発を加速させる技術選定 / ai-web-launcher
cyberagentdevelopers
PRO
7
1.5k
2024-10-30-reInventStandby_StudyGroup_Intro
shinichirokawano
1
620
君は隠しイベントを見つけれるか?
mujyun
0
280
Forget efficiency – Become more productive without the stress
ufried
0
110
とあるユーザー企業におけるリスクベースで考えるセキュリティ業務のお話し
4su_para
3
320
Jr. Championsになって、強く連携しながらAWSをもっと使いたい!~AWSに対する期待と行動~
amixedcolor
0
190
visionOSでの空間表現実装とImmersive Video表示について / ai-immersive-visionos
cyberagentdevelopers
PRO
1
110
Automated Promptingを目指すその前に / Before we can aim for Automated Prompting
rkaga
0
110
WINTICKETアプリで実現した高可用性と高速リリースを支えるエコシステム / winticket-eco-system
cyberagentdevelopers
PRO
1
190
Vueで Webコンポーネントを作って Reactで使う / 20241030-cloudsign-vuefes_after_night
bengo4com
4
2.5k
フルカイテン株式会社 採用資料
fullkaiten
0
36k
【技術書典17】OpenFOAM(自宅で極める流体解析)2次元円柱まわりの流れ
kamakiri1225
0
210

Featured

See All Featured
We Have a Design System, Now What?
morganepeng
50
7.2k
Writing Fast Ruby
sferik
626
61k
For a Future-Friendly Web
brad_frost
175
9.4k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
41
2.1k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
13
1.9k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
7.9k
Gamification - CAS2011
davidbonilla
80
5k
Git: the NoSQL Database
bkeepers
PRO
425
64k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Documentation Writing (for coders)
carmenintech
65
4.4k
What's new in Ruby 2.0
geeforr
342
31k
Product Roadmaps are Hard
iamctodd
PRO
48
10k

Transcript

  1. Security Rules Unit Testing Pipeline Integration for Firestore Google Developer

    Expert in Firebase Surahutomo Aziz Pradana Firebase Dev Day 2023 GDG Bangkok Firebase Thailand Organized by

  2. Let’s get to know each other! Now Web Mentor Lead

    Co-Lead 2015 2022 2019 2017

  3. Sensitive resources Realtime Database Firestore Storage

  4. Security Rules Realtime Database Firestore Storage Sensitive resources

  5. Security Rules Realtime Database Firestore Storage Sensitive resources ? Anonymous

  6. Security Rules Realtime Database Firestore Storage Sensitive resources ? Anonymous

    Admin

  7. Security Rules Realtime Database Firestore Storage Sensitive resources ? Anonymous

    Admin Developer

  8. What kind of protection that security rules can protect ?

  9. ? Anonymous Security Rules Realtime Database Firestore Storage Google Server

    - Prebuilt public and private key to prevent anomaly access X

  10. ? Anonymous Security Rules Realtime Database Firestore Storage Google Server

    - Prebuilt public and private key to prevent anomaly access - Prebuilt protect from any malicious attack X

  11. Admin Security Rules Realtime Database Firestore Storage Google Server -

    Updating the wrong record accidentally X

  12. Admin Security Rules Realtime Database Firestore Storage Google Server -

    Updating the wrong record accidentally - Manipulating the data or fraud X

  13. Admin Security Rules Realtime Database Firestore Storage Google Server -

    Updating the wrong record accidentally - Manipulating the data or fraud - Hacked admin account for suspicious action X

  14. Developer Security Rules Realtime Database Firestore Storage Google Server -

    Prevent bugs by protecting code payload consistency X

  15. rules_version = '2'; service cloud.firestore { match /databases/{database}/documents { match

    /members/{memberId} { allow write: if hasKey(["uid"]) } } } firestore.rules

  16. Developer Security Rules Realtime Database Firestore Storage Google Server -

    Prevent bugs by protecting code payload consistency - Prevent bugs when dev forget the specific rule in user flow journey X

  17. rules_version = '2'; service cloud.firestore { match /databases/{database}/documents { function

    withSpecialCondition(role) { // return some special condition } match /members/{memberId} { allow write: if withSpecialCondition("special_role") } } } firestore.rules

  18. Developer Security Rules Realtime Database Firestore Storage Google Server -

    Prevent bugs by protecting code payload consistency - Prevent bugs when dev forget the specific rule in user flow journey - Increase code quality by using strong and centralized data flow and its operation X

  19. rules_version = '2'; service cloud.firestore { match /databases/{database}/documents { function

    someFunction(role) { // return some function logic } match // collection name 1 { allow write: if // some condition 1 } match // collection name 2 { allow read: if // some condition 2 } } } firestore.rules

  20. Now, question is Is that protection enough ?

  21. Technically … YES

  22. But actually operationally … Nope

  23. There is a story, lemme introduce you to them !

  24. His name is Pyro-chan~ He is new fresh graduate engineer

  25. His name is Mr.Dart He is Senior Software Engineer

  26. They are childhood friends that has the same interest into

    tech!

  27. So, “Operationally … Nope” What might be missing i wonder

    ?

  28. Well, the factor is actually “Human Error”

  29. Oh yeahh, i remember! I think i had those mistakes

    ehehe

  30. Oh nooo! I have a product demo in a minute,

    I need to rush and finish this code ! Long time ago …

  31. Oh my, it breaks my old code :( I didn’t

    realize it! Then …

  32. Alright easy tasks, done! Let’s go home! Long time ago

  33. Oh my, it breaks my old code :( I didn’t

    realize it! Then …

  34. OKAY! This time i concentrated and not underestimate the code

    changes, looks fine! Long time ago …

  35. Oh my, it breaks my code, the library has changed

    its implementation and i didn’t realize it :( Then …

  36. See, because of those ..

  37. It might causing us : - Money Loss - Data

    breached - Anomaly data

  38. Sorry

  39. It’s okay, learning is what’s really important!

  40. Let me tell you something

  41. At least there are 3 levels Tech Testing Auto Building

    the security Testing the security level Automate the testing process Minimize human error by building this! So ..

  42. In that case what we can do is

  43. Steps : • Build our testing for security rules •

    Automate running the security rules testing • Protect the branch with the automation !

  44. Ahh.. Interesting ? ?

  45. So, Dana can you show us how ?

  46. in/retzd @retzd_ medium.com/@retzd g.dev/retzd devpost.com/retzd Thank you! Don’t forget to

    contact Dana, he is super helpful about Firebase!