diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-12 21:09:28 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-12 21:09:28 +0300 |
commit | ce8a0b90849ac5d1895e741c023432930f24d724 (patch) | |
tree | dbdc97de542cdbe18a2fc8b1a6b64ac0673ed3d3 /spec/uploaders/avatar_uploader_spec.rb | |
parent | dc889678d1de8c09310b2f8f9742bb6c78a6f1a4 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/uploaders/avatar_uploader_spec.rb')
-rw-r--r-- | spec/uploaders/avatar_uploader_spec.rb | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/spec/uploaders/avatar_uploader_spec.rb b/spec/uploaders/avatar_uploader_spec.rb index 669f75b2ee8..142ee557afa 100644 --- a/spec/uploaders/avatar_uploader_spec.rb +++ b/spec/uploaders/avatar_uploader_spec.rb @@ -47,15 +47,29 @@ describe AvatarUploader do end end - context 'upload type check' do - AvatarUploader::SAFE_IMAGE_EXT.each do |ext| - context "#{ext} extension" do - it_behaves_like 'type checked uploads', filenames: "image.#{ext}" - end - end + context 'accept whitelist file content type' do + # We need to feed through a valid path, but we force the parsed mime type + # in a stub below so we can set any path. + let_it_be(:path) { File.join('spec', 'fixtures', 'video_sample.mp4') } + + where(:mime_type) { described_class::MIME_WHITELIST } + + with_them do + include_context 'force content type detection to mime_type' - context 'skip image/svg+xml integrity check' do - it_behaves_like 'skipped type checked uploads', filenames: 'image.svg' + it_behaves_like 'accepted carrierwave upload' end end + + context 'upload non-whitelisted file content type' do + let_it_be(:path) { File.join('spec', 'fixtures', 'sanitized.svg') } + + it_behaves_like 'denied carrierwave upload' + end + + context 'upload misnamed non-whitelisted file content type' do + let_it_be(:path) { File.join('spec', 'fixtures', 'not_a_png.png') } + + it_behaves_like 'denied carrierwave upload' + end end |