diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-01 14:52:43 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-11-01 14:52:43 +0300 |
commit | 430576c997e7cfc61b003cf6dbf12817ef899eef (patch) | |
tree | 7884f12a7837f5029b971e04121a66fb81ffdb34 /spec/requests | |
parent | afbc608ba558c62cc0475dfb95df3f375049973b (diff) |
Add latest changes from gitlab-org/security/gitlab@15-5-stable-ee
Diffstat (limited to 'spec/requests')
-rw-r--r-- | spec/requests/api/ci/secure_files_spec.rb | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/spec/requests/api/ci/secure_files_spec.rb b/spec/requests/api/ci/secure_files_spec.rb index f1f22dfadc2..0b8116d5e20 100644 --- a/spec/requests/api/ci/secure_files_spec.rb +++ b/spec/requests/api/ci/secure_files_spec.rb @@ -341,6 +341,15 @@ RSpec.describe API::Ci::SecureFiles do expect(response).to have_gitlab_http_status(:payload_too_large) end + + it 'returns an error when and invalid file name is supplied' do + params = file_params.merge(name: '../../upload-keystore.jks') + expect do + post api("/projects/#{project.id}/secure_files", maintainer), params: params + end.not_to change { project.secure_files.count } + + expect(response).to have_gitlab_http_status(:internal_server_error) + end end context 'authenticated user with read permissions' do |