diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-04-29 11:18:56 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-04-29 11:19:12 +0300 |
| commit | 7b1c7e980459210bea3f967cbc6b1c797c1ff658 (patch) | |
| tree | 74f3c3392bf8e887a73bb570d27419bfc65c0093 /spec/lib/gitlab/ci/pipeline | |
| parent | deb2f3a60831afda2ad7ec144eb58aaf269abe58 (diff) | |
Add latest changes from gitlab-org/security/gitlab@14-10-stable-ee
Diffstat (limited to 'spec/lib/gitlab/ci/pipeline')
| -rw-r--r-- | spec/lib/gitlab/ci/pipeline/chain/helpers_spec.rb | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/spec/lib/gitlab/ci/pipeline/chain/helpers_spec.rb b/spec/lib/gitlab/ci/pipeline/chain/helpers_spec.rb index bcea6462790..96ada90b4e1 100644 --- a/spec/lib/gitlab/ci/pipeline/chain/helpers_spec.rb +++ b/spec/lib/gitlab/ci/pipeline/chain/helpers_spec.rb @@ -22,6 +22,19 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Helpers do let(:command) { double(save_incompleted: true) } let(:message) { 'message' } + describe '.warning' do + context 'when the warning includes malicious HTML' do + let(:message) { '<div>gimme your password</div>' } + let(:sanitized_message) { 'gimme your password' } + + it 'sanitizes' do + subject.warning(message) + + expect(pipeline.warning_messages[0].content).to include(sanitized_message) + end + end + end + describe '.error' do shared_examples 'error function' do specify do @@ -36,6 +49,18 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Helpers do end end + context 'when the error includes malicious HTML' do + let(:message) { '<div>gimme your password</div>' } + let(:sanitized_message) { 'gimme your password' } + + it 'sanitizes the error and removes the HTML tags' do + subject.error(message, config_error: true, drop_reason: :config_error) + + expect(pipeline.yaml_errors).to eq(sanitized_message) + expect(pipeline.errors[:base]).to include(sanitized_message) + end + end + context 'when given a drop reason' do context 'when config error is true' do context 'sets the yaml error and overrides the drop reason' do |