Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/helpers/submodule_helper_spec.rb
diff options
context:
space:
mode:
authorTiago Botelho <tiagonbotelho@hotmail.com>2017-09-15 17:28:41 +0300
committerTiago Botelho <tiagonbotelho@hotmail.com>2017-09-15 19:30:55 +0300
commit0169dd7f6f82bc91635a3d8ddfa8bd4b6a98f2eb (patch)
tree073dba598e04de1301be2261e9be17ce5c61e019 /spec/helpers/submodule_helper_spec.rb
parent5d3f7b133fba9bba876da5ef13c630320a920e3f (diff)
Fixes project denial of service via gitmodules using Extended ASCII.
Diffstat (limited to 'spec/helpers/submodule_helper_spec.rb')
-rw-r--r--spec/helpers/submodule_helper_spec.rb6
1 files changed, 6 insertions, 0 deletions
diff --git a/spec/helpers/submodule_helper_spec.rb b/spec/helpers/submodule_helper_spec.rb
index c4f4e0d21dc..5a2e4b34069 100644
--- a/spec/helpers/submodule_helper_spec.rb
+++ b/spec/helpers/submodule_helper_spec.rb
@@ -147,6 +147,12 @@ describe SubmoduleHelper do
expect(helper.submodule_links(submodule_item)).to eq([nil, nil])
end
+ it 'sanitizes invalid URL with extended ASCII' do
+ stub_url('é')
+
+ expect(helper.submodule_links(submodule_item)).to eq([nil, nil])
+ end
+
it 'returns original' do
stub_url('http://mygitserver.com/gitlab-org/gitlab-ce')
expect(submodule_links(submodule_item)).to eq([repo.submodule_url_for, nil])
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-15 22:53:28 +0300