diff options
| author | Douwe Maan <douwe@gitlab.com> | 2017-06-22 18:33:17 +0300 |
|---|---|---|
| committer | Mike Greiling <mike@pixelcog.com> | 2017-07-20 06:28:41 +0300 |
| commit | ba60d4f6e4f3a6d3cb56c9320f475bee8f0b38da (patch) | |
| tree | 51245b9a3f7df6df3e396f3335f88d79f5d2f328 /spec/lib/gitlab/route_map_spec.rb | |
| parent | ceda6bd5a6d5e7b24f0ec003ce2e7b446d0917c0 (diff) | |
Merge branch '24570-use-re2-for-user-supplied-regexp-9-3' into 'security-9-3'
24570 use re2 for user supplied regexp 9 3
See merge request !2129
Diffstat (limited to 'spec/lib/gitlab/route_map_spec.rb')
| -rw-r--r-- | spec/lib/gitlab/route_map_spec.rb | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/spec/lib/gitlab/route_map_spec.rb b/spec/lib/gitlab/route_map_spec.rb index 21c00c6e5b8..e8feb21e4d7 100644 --- a/spec/lib/gitlab/route_map_spec.rb +++ b/spec/lib/gitlab/route_map_spec.rb @@ -55,6 +55,19 @@ describe Gitlab::RouteMap, lib: true do end describe '#public_path_for_source_path' do + context 'malicious regexp' do + include_examples 'malicious regexp' + + subject do + map = described_class.new(<<-"MAP".strip_heredoc) + - source: '#{malicious_regexp}' + public: '/' + MAP + + map.public_path_for_source_path(malicious_text) + end + end + subject do described_class.new(<<-'MAP'.strip_heredoc) # Team data |