diff options
author | Sean McGivern <sean@gitlab.com> | 2017-07-20 16:16:00 +0300 |
---|---|---|
committer | James Edwards-Jones <jedwardsjones@gitlab.com> | 2017-07-21 15:13:07 +0300 |
commit | 83481414341b7ebb82b5a3d948b39e95fdca5289 (patch) | |
tree | 3934231c988f4171f61815d357da94ae0956f2af /spec/lib/gitlab/untrusted_regexp_spec.rb | |
parent | 2e46a584b671f5eb06b7e9c37523d7300882d44b (diff) |
Merge branch 'fix-re2-infinite-loop-nick' into 'security-9-3'
Fix an infinite loop in Gitlab:UntrustedRegexp
See merge request !2146
Diffstat (limited to 'spec/lib/gitlab/untrusted_regexp_spec.rb')
-rw-r--r-- | spec/lib/gitlab/untrusted_regexp_spec.rb | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/spec/lib/gitlab/untrusted_regexp_spec.rb b/spec/lib/gitlab/untrusted_regexp_spec.rb index 66045917cb3..a2ef2a27e4c 100644 --- a/spec/lib/gitlab/untrusted_regexp_spec.rb +++ b/spec/lib/gitlab/untrusted_regexp_spec.rb @@ -46,10 +46,28 @@ describe Gitlab::UntrustedRegexp do context 'malicious regexp' do let(:text) { malicious_text } let(:regexp) { malicious_regexp } - + include_examples 'malicious regexp' end + context 'empty regexp' do + let(:regexp) { '' } + let(:text) { 'foo' } + + it 'returns an array of empty matches' do + is_expected.to eq(['', '', '']) + end + end + + context 'empty capture group regexp' do + let(:regexp) { '()' } + let(:text) { 'foo' } + + it 'returns arrays of empty matches in an array' do + is_expected.to eq([[''], [''], ['']]) + end + end + context 'no capture group' do let(:regexp) { '.+' } let(:text) { 'foo' } |