diff options
author | Alex Hanselka <alex@gitlab.com> | 2018-12-14 02:58:13 +0300 |
---|---|---|
committer | Alex Hanselka <alex@gitlab.com> | 2018-12-14 02:58:13 +0300 |
commit | de9b380e73992de3c76d965f3843d269a03f97f8 (patch) | |
tree | 978f7ccbbae566c8f4bb66d064b4ca5ce21c1ddc /spec/services | |
parent | 07e079e8dd336e76986ad001fce79ab9babb00b0 (diff) | |
parent | 0b7e870f9e938f3776d91866f491302945d604ba (diff) |
Merge remote-tracking branch 'dev/master'
* dev/master:
Update CHANGELOG.md for 11.3.13
Validate LFS hrefs before downloading them
Diffstat (limited to 'spec/services')
-rw-r--r-- | spec/services/projects/lfs_pointers/lfs_download_service_spec.rb | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb b/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb index 6af5bfc7689..d7d7f1874eb 100644 --- a/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb +++ b/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb @@ -54,6 +54,18 @@ describe Projects::LfsPointers::LfsDownloadService do end end + context 'when a bad URL is used' do + where(download_link: ['/etc/passwd', 'ftp://example.com', 'http://127.0.0.2']) + + with_them do + it 'does not download the file' do + expect(subject).not_to receive(:download_and_save_file) + + expect { subject.execute(oid, download_link) }.not_to change { LfsObject.count } + end + end + end + context 'when an lfs object with the same oid already exists' do before do create(:lfs_object, oid: 'oid') |