
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2020-02-17 18:09:01 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2020-02-17 18:09:01 +0300
commitb304a72312465ed4c0a568ee6a6ea5e97f705c9b (patch)
treea2f25dbea26c81e88b169c55a6275e3969323e82 /spec/models
parentb84eeb256c4a780d902faee1f99ca9a711b3214a (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/models')
-rw-r--r--spec/models/user_spec.rb28
1 files changed, 28 insertions, 0 deletions
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 36ddb624cba..cd84bf54e8f 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -303,6 +303,20 @@ describe User, :do_not_mock_admin_mode do
end
end
+ context 'bad regex' do
+ before do
+ allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['([a-zA-Z0-9]+)+\.com'])
+ end
+
+ it 'does not hang on evil input' do
+ user = build(:user, email: 'user@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!.com')
+
+ expect do
+ Timeout.timeout(2.seconds) { user.valid? }
+ end.not_to raise_error
+ end
+ end
+
context 'when a signup domain is whitelisted and subdomains are allowed' do
before do
allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['example.com', '*.example.com'])
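Review bot: Both added 'does not hang on evil input' examples (here and in the `domain_blacklist` hunk below) assert only that `user.valid?` returns within `Timeout.timeout(2.seconds)`, not what it returns, so they do not pin how a regex-shaped entry such as `([a-zA-Z0-9]+)+\.com` is interpreted. If the intent is that entries are matched as literal domains plus the `*.` wildcard seen in the neighbouring context (the model change is not on this page, so this is inferred), add an outcome check using an address the regex reading would match: `user = build(:user, email: 'info@test.com')` followed by `expect(user).not_to be_valid` for the whitelist and `expect(user).to be_valid` for the blacklist. The 2-second wall-clock bound can also fail on a loaded CI runner for reasons unrelated to backtracking, so a short comment explaining why that value was chosen would help. The enclosing `describe`/`context` blocks start and end outside both hunks.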
@@ -356,6 +370,20 @@ describe User, :do_not_mock_admin_mode do
allow_any_instance_of(ApplicationSetting).to receive(:domain_blacklist).and_return(['example.com'])
end
+ context 'bad regex' do
+ before do
+ allow_any_instance_of(ApplicationSetting).to receive(:domain_blacklist).and_return(['([a-zA-Z0-9]+)+\.com'])
+ end
+
+ it 'does not hang on evil input' do
+ user = build(:user, email: 'user@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!.com')
+
+ expect do
+ Timeout.timeout(2.seconds) { user.valid? }
+ end.not_to raise_error
+ end
+ end
+
context 'when a signup domain is blacklisted' do
it 'accepts info@test.com' do
user = build(:user, email: 'info@test.com')