author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-12-13 02:00:21 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-12-13 02:00:21 +0300 |
commit | a300086c5935fd69444018638b29d85b3e572c96 (patch) | |
tree | 6fbbe243ec6ad4536085b7a3cd9857dd8b02b451 /spec/lib | |
parent | 544a05f8dd310d672417687d458e1b99c2b19760 (diff) |
Add latest changes from gitlab-org/security/gitlab@16-5-stable-ee
Diffstat (limited to 'spec/lib')
-rw-r--r-- | spec/lib/gitlab/checks/tag_check_spec.rb | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/spec/lib/gitlab/checks/tag_check_spec.rb b/spec/lib/gitlab/checks/tag_check_spec.rb
index b5aafde006f..2b1fbc7e797 100644
--- a/spec/lib/gitlab/checks/tag_check_spec.rb
+++ b/spec/lib/gitlab/checks/tag_check_spec.rb
@@ -57,6 +57,7 @@ RSpec.describe Gitlab::Checks::TagCheck, feature_category: :source_code_manageme
 context "when prohibited_tag_name_encoding_check feature flag is disabled" do
 before do
 stub_feature_flags(prohibited_tag_name_encoding_check: false)
+ allow(subject).to receive(:validate_tag_name_not_sha_like!)
 end
 
 it "doesn't prohibit tag names that include characters incompatible with UTF-8" do
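Review bot: The added `allow(subject).to receive(:validate_tag_name_not_sha_like!)` in this `before` block stubs a validation on the object under test without saying why, so every example in the flag-disabled context now runs with the SHA-like name check switched off. A one-line comment should record the reason, e.g. `# validate_tag_name_not_sha_like! is stubbed here because <reason>; it is exercised by the SHA-1/SHA-256 examples in the parent context`. If the reason is that the non-UTF-8 tag names used here are not safe input for that check (not visible in this hunk), one example that leaves the check live would stop a regression in that interaction from passing unnoticed. The context block continues outside the hunk.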
@@ -71,6 +72,66 @@ RSpec.describe Gitlab::Checks::TagCheck, feature_category: :source_code_manageme
 expect { subject.validate! }.not_to raise_error
 end
 end
+
+ it "forbids SHA-1 values" do
+ allow(subject)
+ .to receive(:tag_name)
+ .and_return("267208abfe40e546f5e847444276f7d43a39503e")
+
+ expect { subject.validate! }.to raise_error(
+ Gitlab::GitAccess::ForbiddenError,
+ "You cannot create a tag with a SHA-1 or SHA-256 tag name."
+ )
+ end
+
+ it "forbids SHA-256 values" do
+ allow(subject)
+ .to receive(:tag_name)
+ .and_return("09b9fd3ea68e9b95a51b693a29568c898e27d1476bbd83c825664f18467fc175")
+
+ expect { subject.validate! }.to raise_error(
+ Gitlab::GitAccess::ForbiddenError,
+ "You cannot create a tag with a SHA-1 or SHA-256 tag name."
+ )
+ end
+
+ it "forbids '{SHA-1}{+anything}' values" do
+ allow(subject)
+ .to receive(:tag_name)
+ .and_return("267208abfe40e546f5e847444276f7d43a39503e-")
+
+ expect { subject.validate! }.to raise_error(
+ Gitlab::GitAccess::ForbiddenError,
+ "You cannot create a tag with a SHA-1 or SHA-256 tag name."
+ )
+ end
+
+ it "forbids '{SHA-256}{+anything} values" do
+ allow(subject)
+ .to receive(:tag_name)
+ .and_return("09b9fd3ea68e9b95a51b693a29568c898e27d1476bbd83c825664f18467fc175-")
+
+ expect { subject.validate! }.to raise_error(
+ Gitlab::GitAccess::ForbiddenError,
+ "You cannot create a tag with a SHA-1 or SHA-256 tag name."
+ )
+ end
+
+ it "allows SHA-1 values to be appended to the tag name" do
+ allow(subject)
+ .to receive(:tag_name)
+ .and_return("fix-267208abfe40e546f5e847444276f7d43a39503e")
+
+ expect { subject.validate! }.not_to raise_error
+ end
+
+ it "allows SHA-256 values to be appended to the tag name" do
+ allow(subject)
+ .to receive(:tag_name)
+ .and_return("fix-09b9fd3ea68e9b95a51b693a29568c898e27d1476bbd83c825664f18467fc175")
+
+ expect { subject.validate! }.not_to raise_error
+ end
 end
 
 context 'with protected tag' do |
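Review bot: The six new examples only use lowercase hex, so they do not pin how the check treats an uppercase or mixed-case name such as `"267208ABFE40E546F5E847444276F7D43A39503E"` (the first example's value uppercased); Git accepts hex object names in either case, so this is the variant a case-sensitive pattern would miss. Add an example for it with whichever outcome the implementation intends, since the implementation is not visible here. The edges of the rule are also probed only with a `-` suffix and a `fix-` prefix; a 39-character hex name and a 40-character hex name followed by further hex digits would document where the rule starts and stops. Minor: the title `"forbids '{SHA-256}{+anything} values"` is missing its closing single quote.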