Validate LFS hrefs before downloading them

author: Nick Thomas <nick@gitlab.com> 2018-12-11 19:52:22 +0300
committer: Nick Thomas <nick@gitlab.com> 2018-12-11 21:13:44 +0300
commit: 3ee0710d1d47bec895568563aeca2d3b53bfa8ce (patch)
tree: ae3da1ed6baa1133114edc1bb887b63479f0ac31 /spec/services
parent: 18a48e348b83f66a1d108a2d6e38ac12c47dcef3 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb b/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb
index 6af5bfc7689..d7d7f1874eb 100644
--- a/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb
+++ b/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb
@@ -54,6 +54,18 @@ describe Projects::LfsPointers::LfsDownloadService do
       end
     end
 
+    context 'when a bad URL is used' do
+      where(download_link: ['/etc/passwd', 'ftp://example.com', 'http://127.0.0.2'])
+
+      with_them do
+        it 'does not download the file' do
+          expect(subject).not_to receive(:download_and_save_file)
+
+          expect { subject.execute(oid, download_link) }.not_to change { LfsObject.count }
+        end
+      end
+    end
+
     context 'when an lfs object with the same oid already exists'  do
       before do
         create(:lfs_object, oid: 'oid')
author	Nick Thomas <nick@gitlab.com>	2018-12-11 19:52:22 +0300
committer	Nick Thomas <nick@gitlab.com>	2018-12-11 21:13:44 +0300
commit	3ee0710d1d47bec895568563aeca2d3b53bfa8ce (patch)
tree	ae3da1ed6baa1133114edc1bb887b63479f0ac31 /spec/services
parent	18a48e348b83f66a1d108a2d6e38ac12c47dcef3 (diff)