authorRobert Speicher <rspeicher@gmail.com>2021-01-20 22:34:23 +0300
committerRobert Speicher <rspeicher@gmail.com>2021-01-20 22:34:23 +0300
commit6438df3a1e0fb944485cebf07976160184697d72 (patch)
tree00b09bfd170e77ae9391b1a2f5a93ef6839f2597 /spec/lib/banzai
parent42bcd54d971da7ef2854b896a7b34f4ef8601067 (diff)
Add latest changes from gitlab-org/gitlab@13-8-stable-eev13.8.0-rc42
Diffstat (limited to 'spec/lib/banzai')
-rw-r--r--spec/lib/banzai/filter/asset_proxy_filter_spec.rb10
-rw-r--r--spec/lib/banzai/filter/broadcast_message_sanitization_filter_spec.rb12
-rw-r--r--spec/lib/banzai/filter/reference_redactor_filter_spec.rb31
-rw-r--r--spec/lib/banzai/filter/sanitization_filter_spec.rb24
-rw-r--r--spec/lib/banzai/filter/truncate_source_filter_spec.rb31
-rw-r--r--spec/lib/banzai/pipeline/description_pipeline_spec.rb2
-rw-r--r--spec/lib/banzai/pipeline/gfm_pipeline_spec.rb4
-rw-r--r--spec/lib/banzai/pipeline/pre_process_pipeline_spec.rb8
8 files changed, 89 insertions, 33 deletions
diff --git a/spec/lib/banzai/filter/asset_proxy_filter_spec.rb b/spec/lib/banzai/filter/asset_proxy_filter_spec.rb
index 2a4ee28130b..1f886059bf6 100644
--- a/spec/lib/banzai/filter/asset_proxy_filter_spec.rb
+++ b/spec/lib/banzai/filter/asset_proxy_filter_spec.rb
@@ -35,8 +35,8 @@ RSpec.describe Banzai::Filter::AssetProxyFilter do
expect(Gitlab.config.asset_proxy.enabled).to be_truthy
expect(Gitlab.config.asset_proxy.secret_key).to eq 'shared-secret'
expect(Gitlab.config.asset_proxy.url).to eq 'https://assets.example.com'
- expect(Gitlab.config.asset_proxy.whitelist).to eq %w(gitlab.com *.mydomain.com)
- expect(Gitlab.config.asset_proxy.domain_regexp).to eq /^(gitlab\.com|.*?\.mydomain\.com)$/i
+ expect(Gitlab.config.asset_proxy.allowlist).to eq %w(gitlab.com *.mydomain.com)
+ expect(Gitlab.config.asset_proxy.domain_regexp).to eq(/^(gitlab\.com|.*?\.mydomain\.com)$/i)
end
context 'when whitelist is empty' do
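Review bot: The expected `domain_regexp` on the new line still anchors with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so this spec pins an allowlist pattern that a multi-line value could satisfy on a single line. Whether such a value can reach the match depends on the filter code, which is not part of this diff; if it can, the pattern built by `compile_allowlist` and this expectation should use `\A` and `\z`, as in `eq(/\A(gitlab\.com|.*?\.mydomain\.com)\z/i)`. The trailing context line also still reads `'when whitelist is empty'` after the rename. The enclosing example starts above the hunk.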
@@ -46,7 +46,7 @@ RSpec.describe Banzai::Filter::AssetProxyFilter do
described_class.initialize_settings
- expect(Gitlab.config.asset_proxy.whitelist).to eq [Gitlab.config.gitlab.host]
+ expect(Gitlab.config.asset_proxy.allowlist).to eq [Gitlab.config.gitlab.host]
end
end
end
@@ -56,8 +56,8 @@ RSpec.describe Banzai::Filter::AssetProxyFilter do
stub_asset_proxy_setting(enabled: true)
stub_asset_proxy_setting(secret_key: 'shared-secret')
stub_asset_proxy_setting(url: 'https://assets.example.com')
- stub_asset_proxy_setting(whitelist: %W(gitlab.com *.mydomain.com #{Gitlab.config.gitlab.host}))
- stub_asset_proxy_setting(domain_regexp: described_class.compile_whitelist(Gitlab.config.asset_proxy.whitelist))
+ stub_asset_proxy_setting(allowlist: %W(gitlab.com *.mydomain.com #{Gitlab.config.gitlab.host}))
+ stub_asset_proxy_setting(domain_regexp: described_class.compile_allowlist(Gitlab.config.asset_proxy.allowlist))
@context = described_class.transform_context({})
end
diff --git a/spec/lib/banzai/filter/broadcast_message_sanitization_filter_spec.rb b/spec/lib/banzai/filter/broadcast_message_sanitization_filter_spec.rb
index 1f65268bd3c..67b480f8973 100644
--- a/spec/lib/banzai/filter/broadcast_message_sanitization_filter_spec.rb
+++ b/spec/lib/banzai/filter/broadcast_message_sanitization_filter_spec.rb
@@ -5,9 +5,9 @@ require 'spec_helper'
RSpec.describe Banzai::Filter::BroadcastMessageSanitizationFilter do
include FilterSpecHelper
- it_behaves_like 'default whitelist'
+ it_behaves_like 'default allowlist'
- describe 'custom whitelist' do
+ describe 'custom allowlist' do
it_behaves_like 'XSS prevention'
it_behaves_like 'sanitize link'
@@ -26,19 +26,19 @@ RSpec.describe Banzai::Filter::BroadcastMessageSanitizationFilter do
end
context 'when `a` elements have `style` attribute' do
- let(:whitelisted_style) { 'color: red; border: blue; background: green; padding: 10px; margin: 10px; text-decoration: underline;' }
+ let(:allowed_style) { 'color: red; border: blue; background: green; padding: 10px; margin: 10px; text-decoration: underline;' }
context 'allows specific properties' do
- let(:exp) { %{<a href="#" style="#{whitelisted_style}">Stylish Link</a>} }
+ let(:exp) { %{<a href="#" style="#{allowed_style}">Stylish Link</a>} }
it { is_expected.to eq(exp) }
end
it 'disallows other properties in `style` attribute on `a` elements' do
- style = [whitelisted_style, 'position: fixed'].join(';')
+ style = [allowed_style, 'position: fixed'].join(';')
doc = filter(%{<a href="#" style="#{style}">Stylish Link</a>})
- expect(doc.at_css('a')['style']).to eq(whitelisted_style)
+ expect(doc.at_css('a')['style']).to eq(allowed_style)
end
end
diff --git a/spec/lib/banzai/filter/reference_redactor_filter_spec.rb b/spec/lib/banzai/filter/reference_redactor_filter_spec.rb
index ac1cabb34cc..d0336e9e059 100644
--- a/spec/lib/banzai/filter/reference_redactor_filter_spec.rb
+++ b/spec/lib/banzai/filter/reference_redactor_filter_spec.rb
@@ -143,15 +143,32 @@ RSpec.describe Banzai::Filter::ReferenceRedactorFilter do
expect(doc.css('a').length).to eq 1
end
- it 'allows references for admin' do
- admin = create(:admin)
- project = create(:project, :public)
- issue = create(:issue, :confidential, project: project)
- link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
+ context 'for admin' do
+ context 'when admin mode is enabled', :enable_admin_mode do
+ it 'allows references' do
+ admin = create(:admin)
+ project = create(:project, :public)
+ issue = create(:issue, :confidential, project: project)
+ link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
+
+ doc = filter(link, current_user: admin)
+
+ expect(doc.css('a').length).to eq 1
+ end
+ end
- doc = filter(link, current_user: admin)
+ context 'when admin mode is disabled' do
+ it 'removes references' do
+ admin = create(:admin)
+ project = create(:project, :public)
+ issue = create(:issue, :confidential, project: project)
+ link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
- expect(doc.css('a').length).to eq 1
+ doc = filter(link, current_user: admin)
+
+ expect(doc.css('a').length).to eq 0
+ end
+ end
end
context "when a confidential issue is moved from a public project to a private one" do
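Review bot: The two examples under `context 'for admin'` repeat the same four setup lines, so the only thing separating the access-granted case from the redacted case is the `:enable_admin_mode` tag on the outer context, which is easy to miss when reading an access-control test. Hoisting the setup into `let`s leaves each example with just the assertion that differs and makes the tag the visible variable. The disabled case also relies on admin mode being off by default in the spec environment, which this diff does not show; a one-line comment saying so would help.

```ruby
context 'for admin' do
  let(:admin) { create(:admin) }
  let(:project) { create(:project, :public) }
  let(:issue) { create(:issue, :confidential, project: project) }
  let(:link) { reference_link(project: project.id, issue: issue.id, reference_type: 'issue') }

  context 'when admin mode is enabled', :enable_admin_mode do
    it 'allows references' do
      expect(filter(link, current_user: admin).css('a').length).to eq 1
    end
  end

  # No :enable_admin_mode tag here: an admin without admin mode must not see confidential references.
  context 'when admin mode is disabled' do
    it 'removes references' do
      expect(filter(link, current_user: admin).css('a').length).to eq 0
    end
  end
end
```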
diff --git a/spec/lib/banzai/filter/sanitization_filter_spec.rb b/spec/lib/banzai/filter/sanitization_filter_spec.rb
index 09dcd5518ff..bc4b60dfe60 100644
--- a/spec/lib/banzai/filter/sanitization_filter_spec.rb
+++ b/spec/lib/banzai/filter/sanitization_filter_spec.rb
@@ -5,31 +5,31 @@ require 'spec_helper'
RSpec.describe Banzai::Filter::SanitizationFilter do
include FilterSpecHelper
- it_behaves_like 'default whitelist'
+ it_behaves_like 'default allowlist'
- describe 'custom whitelist' do
+ describe 'custom allowlist' do
it_behaves_like 'XSS prevention'
it_behaves_like 'sanitize link'
- it 'customizes the whitelist only once' do
+ it 'customizes the allowlist only once' do
instance = described_class.new('Foo')
- control_count = instance.whitelist[:transformers].size
+ control_count = instance.allowlist[:transformers].size
- 3.times { instance.whitelist }
+ 3.times { instance.allowlist }
- expect(instance.whitelist[:transformers].size).to eq control_count
+ expect(instance.allowlist[:transformers].size).to eq control_count
end
- it 'customizes the whitelist only once for different instances' do
+ it 'customizes the allowlist only once for different instances' do
instance1 = described_class.new('Foo1')
instance2 = described_class.new('Foo2')
- control_count = instance1.whitelist[:transformers].size
+ control_count = instance1.allowlist[:transformers].size
- instance1.whitelist
- instance2.whitelist
+ instance1.allowlist
+ instance2.allowlist
- expect(instance1.whitelist[:transformers].size).to eq control_count
- expect(instance2.whitelist[:transformers].size).to eq control_count
+ expect(instance1.allowlist[:transformers].size).to eq control_count
+ expect(instance2.allowlist[:transformers].size).to eq control_count
end
it 'sanitizes `class` attribute from all elements' do
diff --git a/spec/lib/banzai/filter/truncate_source_filter_spec.rb b/spec/lib/banzai/filter/truncate_source_filter_spec.rb
new file mode 100644
index 00000000000..b0c6d91daa8
--- /dev/null
+++ b/spec/lib/banzai/filter/truncate_source_filter_spec.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Banzai::Filter::TruncateSourceFilter do
+ include FilterSpecHelper
+
+ let(:short_text) { 'foo' * 10 }
+ let(:long_text) { ([short_text] * 10).join(' ') }
+
+ it 'does nothing when limit is unspecified' do
+ output = filter(long_text)
+
+ expect(output).to eq(long_text)
+ end
+
+ it 'does nothing to a short-enough text' do
+ output = filter(short_text, limit: short_text.bytesize)
+
+ expect(output).to eq(short_text)
+ end
+
+ it 'truncates UTF-8 text by bytes, on a character boundary' do
+ utf8_text = '日本語の文字が大きい'
+ truncated = '日…'
+
+ expect(filter(utf8_text, limit: truncated.bytesize)).to eq(truncated)
+ expect(filter(utf8_text, limit: utf8_text.bytesize)).to eq(utf8_text)
+ expect(filter(utf8_text, limit: utf8_text.mb_chars.size)).not_to eq(utf8_text)
+ end
+end
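Review bot: The last expectation in 'truncates UTF-8 text by bytes, on a character boundary' only checks that the output differs from the input. It would still pass if the filter returned text longer than the limit or cut through a multi-byte character. Capture the result and pin the properties the example name promises: `output = filter(utf8_text, limit: utf8_text.mb_chars.size)`, then `expect(output.bytesize).to be <= utf8_text.mb_chars.size` and `expect(output).to be_valid_encoding`. A limit smaller than the three-byte `…` itself is not exercised either; an example stating the intended behaviour for that input would document the lower bound.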
diff --git a/spec/lib/banzai/pipeline/description_pipeline_spec.rb b/spec/lib/banzai/pipeline/description_pipeline_spec.rb
index 82d4f883e0d..be553433e9e 100644
--- a/spec/lib/banzai/pipeline/description_pipeline_spec.rb
+++ b/spec/lib/banzai/pipeline/description_pipeline_spec.rb
@@ -21,7 +21,7 @@ RSpec.describe Banzai::Pipeline::DescriptionPipeline do
stub_commonmark_sourcepos_disabled
end
- it 'uses a limited whitelist' do
+ it 'uses a limited allowlist' do
doc = parse('# Description')
expect(doc.strip).to eq 'Description'
diff --git a/spec/lib/banzai/pipeline/gfm_pipeline_spec.rb b/spec/lib/banzai/pipeline/gfm_pipeline_spec.rb
index 247f4591632..31047b9494a 100644
--- a/spec/lib/banzai/pipeline/gfm_pipeline_spec.rb
+++ b/spec/lib/banzai/pipeline/gfm_pipeline_spec.rb
@@ -176,8 +176,8 @@ RSpec.describe Banzai::Pipeline::GfmPipeline do
stub_asset_proxy_setting(enabled: true)
stub_asset_proxy_setting(secret_key: 'shared-secret')
stub_asset_proxy_setting(url: 'https://assets.example.com')
- stub_asset_proxy_setting(whitelist: %W(gitlab.com *.mydomain.com #{Gitlab.config.gitlab.host}))
- stub_asset_proxy_setting(domain_regexp: Banzai::Filter::AssetProxyFilter.compile_whitelist(Gitlab.config.asset_proxy.whitelist))
+ stub_asset_proxy_setting(allowlist: %W(gitlab.com *.mydomain.com #{Gitlab.config.gitlab.host}))
+ stub_asset_proxy_setting(domain_regexp: Banzai::Filter::AssetProxyFilter.compile_allowlist(Gitlab.config.asset_proxy.allowlist))
end
it 'replaces a lazy loaded img src' do
diff --git a/spec/lib/banzai/pipeline/pre_process_pipeline_spec.rb b/spec/lib/banzai/pipeline/pre_process_pipeline_spec.rb
index fc74c592867..f0498f41b61 100644
--- a/spec/lib/banzai/pipeline/pre_process_pipeline_spec.rb
+++ b/spec/lib/banzai/pipeline/pre_process_pipeline_spec.rb
@@ -24,4 +24,12 @@ RSpec.describe Banzai::Pipeline::PreProcessPipeline do
expect(result[:output]).to include "> blockquote\n"
end
end
+
+ it 'truncates the text if requested' do
+ text = (['foo'] * 10).join(' ')
+
+ result = described_class.call(text, limit: 12)
+
+ expect(result[:output]).to eq('foo foo f…')
+ end
end
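Review bot: The `limit: 12` in 'truncates the text if requested' is a bare number, and the expected `'foo foo f…'` only makes sense once the reader knows that the limit is counted in bytes and that the ellipsis is included in it. A comment above the call would make that explicit: `# limit is in bytes: 9 ASCII bytes of text plus the 3-byte '…'`. The enclosing `RSpec.describe` block starts outside the hunk.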