diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-30 22:42:57 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-30 22:42:57 +0300 |
commit | 1fb0bae24e6686b3571fc1c44cbf239d8563e0d7 (patch) | |
tree | f2023d9164543389c3eee436de750d8a49c3a535 /spec/controllers/projects | |
parent | 2fa10931183f6d699f77575f084770b1e4b5470d (diff) |
Add latest changes from gitlab-org/security/gitlab@16-3-stable-ee
Diffstat (limited to 'spec/controllers/projects')
-rw-r--r-- | spec/controllers/projects/refs_controller_spec.rb | 90 |
1 files changed, 60 insertions, 30 deletions
diff --git a/spec/controllers/projects/refs_controller_spec.rb b/spec/controllers/projects/refs_controller_spec.rb index 0b1d0b75de7..7ea0e678a41 100644 --- a/spec/controllers/projects/refs_controller_spec.rb +++ b/spec/controllers/projects/refs_controller_spec.rb @@ -12,40 +12,70 @@ RSpec.describe Projects::RefsController, feature_category: :source_code_manageme end describe 'GET #switch' do - using RSpec::Parameterized::TableSyntax + context 'with normal parameters' do + using RSpec::Parameterized::TableSyntax - let(:id) { 'master' } - let(:params) do - { destination: destination, namespace_id: project.namespace.to_param, project_id: project, id: id, - ref_type: ref_type } - end + let(:id) { 'master' } + let(:id_and_path) { "#{id}/#{path}" } + + let(:params) do + { destination: destination, namespace_id: project.namespace.to_param, project_id: project, id: id, + ref_type: ref_type, path: path } + end + + subject { get :switch, params: params } + + where(:destination, :ref_type, :path, :redirected_to) do + 'tree' | nil | nil | lazy { project_tree_path(project, id) } + 'tree' | 'heads' | nil | lazy { project_tree_path(project, id) } + 'tree' | nil | 'foo/bar' | lazy { project_tree_path(project, id_and_path) } + 'blob' | nil | nil | lazy { project_blob_path(project, id) } + 'blob' | 'heads' | nil | lazy { project_blob_path(project, id) } + 'blob' | nil | 'foo/bar' | lazy { project_blob_path(project, id_and_path) } + 'graph' | nil | nil | lazy { project_network_path(project, id) } + 'graph' | 'heads' | nil | lazy { project_network_path(project, id, ref_type: 'heads') } + 'graph' | nil | 'foo/bar' | lazy { project_network_path(project, id_and_path) } + 'graphs' | nil | nil | lazy { project_graph_path(project, id) } + 'graphs' | 'heads' | nil | lazy { project_graph_path(project, id, ref_type: 'heads') } + 'graphs' | nil | 'foo/bar' | lazy { project_graph_path(project, id_and_path) } + 'find_file' | nil | nil | lazy { project_find_file_path(project, id) } + 'find_file' | 'heads' | nil | lazy { project_find_file_path(project, id) } + 'find_file' | nil | 'foo/bar' | lazy { project_find_file_path(project, id_and_path) } + 'graphs_commits' | nil | nil | lazy { commits_project_graph_path(project, id) } + 'graphs_commits' | 'heads' | nil | lazy { commits_project_graph_path(project, id) } + 'graphs_commits' | nil | 'foo/bar' | lazy { commits_project_graph_path(project, id_and_path) } + 'badges' | nil | nil | lazy { project_settings_ci_cd_path(project, ref: id) } + 'badges' | 'heads' | nil | lazy { project_settings_ci_cd_path(project, ref: id) } + 'badges' | nil | 'foo/bar' | lazy { project_settings_ci_cd_path(project, ref: id_and_path) } + 'commits' | nil | nil | lazy { project_commits_path(project, id) } + 'commits' | 'heads' | nil | lazy { project_commits_path(project, id, ref_type: 'heads') } + 'commits' | nil | 'foo/bar' | lazy { project_commits_path(project, id_and_path) } + nil | nil | nil | lazy { project_commits_path(project, id) } + nil | 'heads' | nil | lazy { project_commits_path(project, id, ref_type: 'heads') } + nil | nil | 'foo/bar' | lazy { project_commits_path(project, id_and_path) } + end - subject { get :switch, params: params } - - where(:destination, :ref_type, :redirected_to) do - 'tree' | nil | lazy { project_tree_path(project, id) } - 'tree' | 'heads' | lazy { project_tree_path(project, id) } - 'blob' | nil | lazy { project_blob_path(project, id) } - 'blob' | 'heads' | lazy { project_blob_path(project, id) } - 'graph' | nil | lazy { project_network_path(project, id) } - 'graph' | 'heads' | lazy { project_network_path(project, id, ref_type: 'heads') } - 'graphs' | nil | lazy { project_graph_path(project, id) } - 'graphs' | 'heads' | lazy { project_graph_path(project, id, ref_type: 'heads') } - 'find_file' | nil | lazy { project_find_file_path(project, id) } - 'find_file' | 'heads' | lazy { project_find_file_path(project, id) } - 'graphs_commits' | nil | lazy { commits_project_graph_path(project, id) } - 'graphs_commits' | 'heads' | lazy { commits_project_graph_path(project, id) } - 'badges' | nil | lazy { project_settings_ci_cd_path(project, ref: id) } - 'badges' | 'heads' | lazy { project_settings_ci_cd_path(project, ref: id) } - 'commits' | nil | lazy { project_commits_path(project, id) } - 'commits' | 'heads' | lazy { project_commits_path(project, id, ref_type: 'heads') } - nil | nil | lazy { project_commits_path(project, id) } - nil | 'heads' | lazy { project_commits_path(project, id, ref_type: 'heads') } + with_them do + it 'redirects to destination' do + expect(subject).to redirect_to(redirected_to) + end + end end - with_them do - it 'redirects to destination' do - expect(subject).to redirect_to(redirected_to) + context 'with bad path parameter' do + it 'returns 400 bad request' do + params = { + destination: 'tree', + namespace_id: project.namespace.to_param, + project_id: project, + id: 'master', + ref_type: nil, + path: '../bad_path_redirect' + } + + get :switch, params: params + + expect(response).to have_gitlab_http_status(:bad_request) end end end |