Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/lib/gitlab/file_type_detection_spec.rb
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2019-09-23 21:06:14 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2019-09-23 21:06:14 +0300
commitc792263edfaf826c58f4aa41d26904464a17a3e7 (patch)
treeb57ae96c9eeaf0a1432a29f7f50f2fce9529818d /spec/lib/gitlab/file_type_detection_spec.rb
parent6f9edd1a4c4942d3d13ec54793cfae56164b1a0a (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/lib/gitlab/file_type_detection_spec.rb')
-rw-r--r--spec/lib/gitlab/file_type_detection_spec.rb273
1 files changed, 243 insertions, 30 deletions
diff --git a/spec/lib/gitlab/file_type_detection_spec.rb b/spec/lib/gitlab/file_type_detection_spec.rb
index 22ec7d414e8..1edf882afe2 100644
--- a/spec/lib/gitlab/file_type_detection_spec.rb
+++ b/spec/lib/gitlab/file_type_detection_spec.rb
@@ -2,38 +2,103 @@
require 'spec_helper'
describe Gitlab::FileTypeDetection do
- def upload_fixture(filename)
- fixture_file_upload(File.join('spec', 'fixtures', filename))
- end
+ context 'when class is an uploader' do
+ shared_examples '#image? for an uploader' do
+ it 'returns true for an image file' do
+ uploader.store!(upload_fixture('dk.png'))
- describe '#image_or_video?' do
- context 'when class is an uploader' do
- let(:uploader) do
- example_uploader = Class.new(CarrierWave::Uploader::Base) do
- include Gitlab::FileTypeDetection
+ expect(uploader).to be_image
+ end
- storage :file
- end
+ it 'returns false if filename has a dangerous image extension' do
+ uploader.store!(upload_fixture('unsanitized.svg'))
- example_uploader.new
+ expect(uploader).to be_dangerous_image
+ expect(uploader).not_to be_image
end
- it 'returns true for an image file' do
+ it 'returns false for a video file' do
+ uploader.store!(upload_fixture('video_sample.mp4'))
+
+ expect(uploader).not_to be_image
+ end
+
+ it 'returns false if filename is blank' do
uploader.store!(upload_fixture('dk.png'))
- expect(uploader).to be_image_or_video
+ allow(uploader).to receive(:filename).and_return(nil)
+
+ expect(uploader).not_to be_image
end
+ end
+ shared_examples '#video? for an uploader' do
it 'returns true for a video file' do
uploader.store!(upload_fixture('video_sample.mp4'))
- expect(uploader).to be_image_or_video
+ expect(uploader).to be_video
+ end
+
+ it 'returns false for an image file' do
+ uploader.store!(upload_fixture('dk.png'))
+
+ expect(uploader).not_to be_video
+ end
+
+ it 'returns false if filename is blank' do
+ uploader.store!(upload_fixture('dk.png'))
+
+ allow(uploader).to receive(:filename).and_return(nil)
+
+ expect(uploader).not_to be_video
+ end
+ end
+
+ shared_examples '#dangerous_image? for an uploader' do
+ it 'returns true if filename has a dangerous extension' do
+ uploader.store!(upload_fixture('unsanitized.svg'))
+
+ expect(uploader).to be_dangerous_image
+ end
+
+ it 'returns false for an image file' do
+ uploader.store!(upload_fixture('dk.png'))
+
+ expect(uploader).not_to be_dangerous_image
+ end
+
+ it 'returns false for a video file' do
+ uploader.store!(upload_fixture('video_sample.mp4'))
+
+ expect(uploader).not_to be_dangerous_image
+ end
+
+ it 'returns false if filename is blank' do
+ uploader.store!(upload_fixture('dk.png'))
+
+ allow(uploader).to receive(:filename).and_return(nil)
+
+ expect(uploader).not_to be_dangerous_image
+ end
+ end
+
+ shared_examples '#dangerous_video? for an uploader' do
+ it 'returns false for a safe video file' do
+ uploader.store!(upload_fixture('video_sample.mp4'))
+
+ expect(uploader).not_to be_dangerous_video
+ end
+
+ it 'returns false if filename is a dangerous image extension' do
+ uploader.store!(upload_fixture('unsanitized.svg'))
+
+ expect(uploader).not_to be_dangerous_video
end
- it 'returns false for other extensions' do
- uploader.store!(upload_fixture('doc_sample.txt'))
+ it 'returns false for an image file' do
+ uploader.store!(upload_fixture('dk.png'))
- expect(uploader).not_to be_image_or_video
+ expect(uploader).not_to be_dangerous_video
end
it 'returns false if filename is blank' do
@@ -41,42 +106,190 @@ describe Gitlab::FileTypeDetection do
allow(uploader).to receive(:filename).and_return(nil)
- expect(uploader).not_to be_image_or_video
+ expect(uploader).not_to be_dangerous_video
end
end
- context 'when class is a regular class' do
- let(:custom_class) do
- custom_class = Class.new do
- include Gitlab::FileTypeDetection
- end
+ let(:uploader) do
+ example_uploader = Class.new(CarrierWave::Uploader::Base) do
+ include Gitlab::FileTypeDetection
- custom_class.new
+ storage :file
end
+ example_uploader.new
+ end
+
+ def upload_fixture(filename)
+ fixture_file_upload(File.join('spec', 'fixtures', filename))
+ end
+
+ describe '#image?' do
+ include_examples '#image? for an uploader'
+ end
+
+ describe '#video?' do
+ include_examples '#video? for an uploader'
+ end
+
+ describe '#image_or_video?' do
+ include_examples '#image? for an uploader'
+ include_examples '#video? for an uploader'
+ end
+
+ describe '#dangerous_image?' do
+ include_examples '#dangerous_image? for an uploader'
+ end
+
+ describe '#dangerous_video?' do
+ include_examples '#dangerous_video? for an uploader'
+ end
+
+ describe '#dangerous_image_or_video?' do
+ include_examples '#dangerous_image? for an uploader'
+ include_examples '#dangerous_video? for an uploader'
+ end
+ end
+
+ context 'when class is a regular class' do
+ shared_examples '#image? for a regular class' do
it 'returns true for an image file' do
allow(custom_class).to receive(:filename).and_return('dk.png')
- expect(custom_class).to be_image_or_video
+ expect(custom_class).to be_image
end
+ it 'returns false if file has a dangerous image extension' do
+ allow(custom_class).to receive(:filename).and_return('unsanitized.svg')
+
+ expect(custom_class).to be_dangerous_image
+ expect(custom_class).not_to be_image
+ end
+
+ it 'returns false for any non image file' do
+ allow(custom_class).to receive(:filename).and_return('video_sample.mp4')
+
+ expect(custom_class).not_to be_image
+ end
+
+ it 'returns false if filename is blank' do
+ allow(custom_class).to receive(:filename).and_return(nil)
+
+ expect(custom_class).not_to be_image
+ end
+ end
+
+ shared_examples '#video? for a regular class' do
it 'returns true for a video file' do
allow(custom_class).to receive(:filename).and_return('video_sample.mp4')
- expect(custom_class).to be_image_or_video
+ expect(custom_class).to be_video
+ end
+
+ it 'returns false for any non-video file' do
+ allow(custom_class).to receive(:filename).and_return('dk.png')
+
+ expect(custom_class).not_to be_video
+ end
+
+ it 'returns false if file has a dangerous image extension' do
+ allow(custom_class).to receive(:filename).and_return('unsanitized.svg')
+
+ expect(custom_class).to be_dangerous_image
+ expect(custom_class).not_to be_video
+ end
+
+ it 'returns false if filename is blank' do
+ allow(custom_class).to receive(:filename).and_return(nil)
+
+ expect(custom_class).not_to be_video
+ end
+ end
+
+ shared_examples '#dangerous_image? for a regular class' do
+ it 'returns true if file has a dangerous image extension' do
+ allow(custom_class).to receive(:filename).and_return('unsanitized.svg')
+
+ expect(custom_class).to be_dangerous_image
+ end
+
+ it 'returns false for an image file' do
+ allow(custom_class).to receive(:filename).and_return('dk.png')
+
+ expect(custom_class).not_to be_dangerous_image
+ end
+
+ it 'returns false for any non image file' do
+ allow(custom_class).to receive(:filename).and_return('video_sample.mp4')
+
+ expect(custom_class).not_to be_dangerous_image
+ end
+
+ it 'returns false if filename is blank' do
+ allow(custom_class).to receive(:filename).and_return(nil)
+
+ expect(custom_class).not_to be_dangerous_image
+ end
+ end
+
+ shared_examples '#dangerous_video? for a regular class' do
+ it 'returns false for a safe video file' do
+ allow(custom_class).to receive(:filename).and_return('video_sample.mp4')
+
+ expect(custom_class).not_to be_dangerous_video
+ end
+
+ it 'returns false for an image file' do
+ allow(custom_class).to receive(:filename).and_return('dk.png')
+
+ expect(custom_class).not_to be_dangerous_video
end
- it 'returns false for other extensions' do
- allow(custom_class).to receive(:filename).and_return('doc_sample.txt')
+ it 'returns false if file has a dangerous image extension' do
+ allow(custom_class).to receive(:filename).and_return('unsanitized.svg')
- expect(custom_class).not_to be_image_or_video
+ expect(custom_class).not_to be_dangerous_video
end
it 'returns false if filename is blank' do
allow(custom_class).to receive(:filename).and_return(nil)
- expect(custom_class).not_to be_image_or_video
+ expect(custom_class).not_to be_dangerous_video
end
end
+
+ let(:custom_class) do
+ custom_class = Class.new do
+ include Gitlab::FileTypeDetection
+ end
+
+ custom_class.new
+ end
+
+ describe '#image?' do
+ include_examples '#image? for a regular class'
+ end
+
+ describe '#video?' do
+ include_examples '#video? for a regular class'
+ end
+
+ describe '#image_or_video?' do
+ include_examples '#image? for a regular class'
+ include_examples '#video? for a regular class'
+ end
+
+ describe '#dangerous_image?' do
+ include_examples '#dangerous_image? for a regular class'
+ end
+
+ describe '#dangerous_video?' do
+ include_examples '#dangerous_video? for a regular class'
+ end
+
+ describe '#dangerous_image_or_video?' do
+ include_examples '#dangerous_image? for a regular class'
+ include_examples '#dangerous_video? for a regular class'
+ end
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-01 20:26:44 +0300