diff options
| author | George Koltsov <gkoltsov@gitlab.com> | 2019-07-26 16:03:06 +0300 |
|---|---|---|
| committer | George Koltsov <gkoltsov@gitlab.com> | 2019-08-02 17:39:18 +0300 |
| commit | ac7661924eebd6eb0fa72848e2b4bf4391ebf113 (patch) | |
| tree | c38ea5f92cbd54f0c4d4d085ec68bd8347804d8e /spec/validators | |
| parent | 5a19a43a13031de83af2d241498465a882421270 (diff) | |
Update security/webhooks.md doc page & specs
Updating security/webhooks.md to match new behaviour
as well as drying up few specs to extract shared
examples
Diffstat (limited to 'spec/validators')
| -rw-r--r-- | spec/validators/system_hook_url_validator_spec.rb | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/spec/validators/system_hook_url_validator_spec.rb b/spec/validators/system_hook_url_validator_spec.rb index fc4261666e7..78e95db2b47 100644 --- a/spec/validators/system_hook_url_validator_spec.rb +++ b/spec/validators/system_hook_url_validator_spec.rb @@ -11,43 +11,48 @@ describe SystemHookUrlValidator do subject { validator.validate(badge) } - it 'does not block urls pointing to localhost' do + it 'blocks urls pointing to localhost' do badge.link_url = 'https://127.0.0.1' subject - expect(badge.errors).not_to be_present + expect(badge.errors).to be_present end - it 'does not block urls pointing to the local network' do + it 'blocks urls pointing to the local network' do badge.link_url = 'https://192.168.1.1' subject - expect(badge.errors).not_to be_present + expect(badge.errors).to be_present end end - context 'when local requests are not allowed' do - let(:validator) { described_class.new(attributes: [:link_url], allow_localhost: false, allow_local_network: false) } + context 'when local requests are allowed' do + let(:validator) { described_class.new(attributes: [:link_url]) } let!(:badge) { build(:badge, link_url: 'http://www.example.com') } + let!(:settings) { create(:application_setting) } subject { validator.validate(badge) } - it 'blocks urls pointing to localhost' do + before do + stub_application_setting(allow_local_requests_from_system_hooks: true) + end + + it 'does not block urls pointing to localhost' do badge.link_url = 'https://127.0.0.1' subject - expect(badge.errors).to be_present + expect(badge.errors).not_to be_present end - it 'blocks urls pointing to the local network' do + it 'does not block urls pointing to the local network' do badge.link_url = 'https://192.168.1.1' subject - expect(badge.errors).to be_present + expect(badge.errors).not_to be_present end end end |