Add latest changes from gitlab-org/security/gitlab@16-1-stable-ee

3 files changed, 42 insertions, 16 deletions

diff --git a/spec/lib/gitlab/checks/branch_check_spec.rb b/spec/lib/gitlab/checks/branch_check_spec.rb
index 7ce267c535f..9950d4dbd12 100644
--- a/spec/lib/gitlab/checks/branch_check_spec.rb
+++ b/spec/lib/gitlab/checks/branch_check_spec.rb
@@ -32,6 +32,12 @@ RSpec.describe Gitlab::Checks::BranchCheck, feature_category: :source_code_manag
         expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "You cannot create a branch with a 40-character hexadecimal branch name.")
       end
 
+      it "prohibits 40-character hexadecimal branch names followed by a dash as the start of a path" do
+        allow(subject).to receive(:branch_name).and_return("267208abfe40e546f5e847444276f7d43a39503e-/test")
+
+        expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "You cannot create a branch with a 40-character hexadecimal branch name.")
+      end
+
       it "doesn't prohibit a nested hexadecimal in a branch name" do
         allow(subject).to receive(:branch_name).and_return("267208abfe40e546f5e847444276f7d43a39503e-fix")
 
diff --git a/spec/lib/gitlab/harbor/query_spec.rb b/spec/lib/gitlab/harbor/query_spec.rb
index dcb9a16b27b..fe05643e04a 100644
--- a/spec/lib/gitlab/harbor/query_spec.rb
+++ b/spec/lib/gitlab/harbor/query_spec.rb
@@ -3,6 +3,8 @@
 require 'spec_helper'
 
 RSpec.describe Gitlab::Harbor::Query do
+  using RSpec::Parameterized::TableSyntax
+
   let_it_be(:harbor_integration) { create(:harbor_integration) }
 
   let(:params) { {} }
@@ -111,19 +113,20 @@ RSpec.describe Gitlab::Harbor::Query do
     end
 
     context 'search' do
-      context 'with valid search' do
-        let(:params) { { search: 'name=desc' } }
-
-        it 'initialize successfully' do
-          expect(query.valid?).to eq(true)
-        end
+      where(:search_param, :is_valid) do
+        "name=desc"                  | true
+        "name=value1,name=value-2"   | true
+        "name=value1,name=value_2"   | false
+        "name=desc,key=value"        | false
+        "name=value1, name=value2"   | false
+        "name"                       | false
       end
 
-      context 'with invalid search' do
-        let(:params) { { search: 'blabla' } }
+      with_them do
+        let(:params) { { search: search_param } }
 
-        it 'initialize failed' do
-          expect(query.valid?).to eq(false)
+        it "validates according to the regex" do
+          expect(query.valid?).to eq(is_valid)
         end
       end
     end
diff --git a/spec/lib/gitlab/pages/virtual_host_finder_spec.rb b/spec/lib/gitlab/pages/virtual_host_finder_spec.rb
index 4b584a45503..49eee772f8d 100644
--- a/spec/lib/gitlab/pages/virtual_host_finder_spec.rb
+++ b/spec/lib/gitlab/pages/virtual_host_finder_spec.rb
@@ -9,6 +9,10 @@ RSpec.describe Gitlab::Pages::VirtualHostFinder, feature_category: :pages do
     project.update_pages_deployment!(create(:pages_deployment, project: project))
   end
 
+  before do
+    stub_pages_setting(host: 'example.com')
+  end
+
   it 'returns nil when host is empty' do
     expect(described_class.new(nil).execute).to be_nil
     expect(described_class.new('').execute).to be_nil
@@ -69,7 +73,7 @@ RSpec.describe Gitlab::Pages::VirtualHostFinder, feature_category: :pages do
       end
 
       it 'returns the virual domain with no lookup_paths' do
-        virtual_domain = described_class.new("#{project.namespace.path}.#{Settings.pages.host}").execute
+        virtual_domain = described_class.new("#{project.namespace.path}.example.com").execute
 
         expect(virtual_domain).to be_an_instance_of(Pages::VirtualDomain)
         expect(virtual_domain.cache_key).to match(/pages_domain_for_namespace_#{project.namespace.id}_/)
@@ -82,7 +86,7 @@ RSpec.describe Gitlab::Pages::VirtualHostFinder, feature_category: :pages do
         end
 
         it 'returns the virual domain with no lookup_paths' do
-          virtual_domain = described_class.new("#{project.namespace.path}.#{Settings.pages.host}".downcase).execute
+          virtual_domain = described_class.new("#{project.namespace.path}.example.com".downcase).execute
 
           expect(virtual_domain).to be_an_instance_of(Pages::VirtualDomain)
           expect(virtual_domain.cache_key).to be_nil
@@ -104,7 +108,7 @@ RSpec.describe Gitlab::Pages::VirtualHostFinder, feature_category: :pages do
       end
 
       it 'returns the virual domain when there are pages deployed for the project' do
-        virtual_domain = described_class.new("#{project.namespace.path}.#{Settings.pages.host}").execute
+        virtual_domain = described_class.new("#{project.namespace.path}.example.com").execute
 
         expect(virtual_domain).to be_an_instance_of(Pages::VirtualDomain)
         expect(virtual_domain.cache_key).to match(/pages_domain_for_namespace_#{project.namespace.id}_/)
@@ -113,7 +117,7 @@ RSpec.describe Gitlab::Pages::VirtualHostFinder, feature_category: :pages do
       end
 
       it 'finds domain with case-insensitive' do
-        virtual_domain = described_class.new("#{project.namespace.path}.#{Settings.pages.host.upcase}").execute
+        virtual_domain = described_class.new("#{project.namespace.path}.Example.com").execute
 
         expect(virtual_domain).to be_an_instance_of(Pages::VirtualDomain)
         expect(virtual_domain.cache_key).to match(/pages_domain_for_namespace_#{project.namespace.id}_/)
@@ -127,7 +131,7 @@ RSpec.describe Gitlab::Pages::VirtualHostFinder, feature_category: :pages do
         end
 
         it 'returns the virual domain when there are pages deployed for the project' do
-          virtual_domain = described_class.new("#{project.namespace.path}.#{Settings.pages.host}").execute
+          virtual_domain = described_class.new("#{project.namespace.path}.example.com").execute
 
           expect(virtual_domain).to be_an_instance_of(Pages::VirtualDomain)
           expect(virtual_domain.cache_key).to be_nil
@@ -143,7 +147,7 @@ RSpec.describe Gitlab::Pages::VirtualHostFinder, feature_category: :pages do
       project.project_setting.update!(pages_unique_domain: 'unique-domain')
     end
 
-    subject(:virtual_domain) { described_class.new("unique-domain.#{Settings.pages.host.upcase}").execute }
+    subject(:virtual_domain) { described_class.new('unique-domain.example.com').execute }
 
     context 'when pages unique domain is enabled' do
       before_all do
@@ -171,6 +175,19 @@ RSpec.describe Gitlab::Pages::VirtualHostFinder, feature_category: :pages do
           expect(virtual_domain.lookup_paths.first.project_id).to eq(project.id)
         end
 
+        context 'when a project path conflicts with a unique domain' do
+          it 'prioritizes the unique domain project' do
+            group = create(:group, path: 'unique-domain')
+            other_project = build(:project, path: 'unique-domain.example.com', group: group)
+            other_project.save!(validate: false)
+            other_project.update_pages_deployment!(create(:pages_deployment, project: other_project))
+            other_project.mark_pages_as_deployed
+
+            expect(virtual_domain).to be_an_instance_of(Pages::VirtualDomain)
+            expect(virtual_domain.lookup_paths.first.project_id).to eq(project.id)
+          end
+        end
+
         context 'when :cache_pages_domain_api is disabled' do
           before do
             stub_feature_flags(cache_pages_domain_api: false)