diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-06 21:09:07 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-11-06 21:09:07 +0300 |
commit | f3db01da507f86cfed412c7d337e3747744cc914 (patch) | |
tree | 3862e3ca223038c1390e2d19708ebeeecb040e00 /spec/requests/user_sends_malformed_strings_spec.rb | |
parent | a268b09416c8dc3da3af38933028fa26375b88e0 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/requests/user_sends_malformed_strings_spec.rb')
-rw-r--r-- | spec/requests/user_sends_malformed_strings_spec.rb | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/spec/requests/user_sends_malformed_strings_spec.rb b/spec/requests/user_sends_malformed_strings_spec.rb index b6eda9159bc..da533606be5 100644 --- a/spec/requests/user_sends_malformed_strings_spec.rb +++ b/spec/requests/user_sends_malformed_strings_spec.rb @@ -2,7 +2,9 @@ require 'spec_helper' -RSpec.describe 'User sends malformed strings as params' do +RSpec.describe 'User sends malformed strings' do + include GitHttpHelpers + let(:null_byte) { "\u0000" } let(:invalid_string) { "mal\xC0formed" } @@ -17,4 +19,10 @@ RSpec.describe 'User sends malformed strings as params' do expect(response).to have_gitlab_http_status(:bad_request) end + + it 'raises a 400 error with null bytes in the auth headers' do + clone_get("project/path", user: "hello#{null_byte}", password: "nothing to see") + + expect(response).to have_gitlab_http_status(:bad_request) + end end |