author | Cindy Pallares <cindy@gitlab.com> | 2018-11-28 22:06:44 +0300 |
---|---|---|
committer | Cindy Pallares <cindy@gitlab.com> | 2018-11-29 03:14:06 +0300 |
commit | c0e5d9afee57745a79c072b0f57fdcbe164312da (patch) | |
tree | bb779e510a00b4b7ad64abf9f32cb7b4ba1ebe38 /spec/validators | |
parent | fe5f75930e781ef854b458fafa307ebb90a8ed2e (diff) |
Merge branch 'security-fj-crlf-injection' into 'master'
[master] Fix CRLF issue in UrlValidator
See merge request gitlab/gitlabhq!2627
Diffstat (limited to 'spec/validators')
-rw-r--r-- | spec/validators/url_validator_spec.rb | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/spec/validators/url_validator_spec.rb b/spec/validators/url_validator_spec.rb
index ab6100509a6..082d09d3f16 100644
--- a/spec/validators/url_validator_spec.rb
+++ b/spec/validators/url_validator_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 describe UrlValidator do
@@ -6,6 +8,30 @@ describe UrlValidator do
 include_examples 'url validator examples', described_class::DEFAULT_PROTOCOLS
+ describe 'validations' do
+ include_context 'invalid urls'
+
+ let(:validator) { described_class.new(attributes: [:link_url]) }
+
+ it 'returns error when url is nil' do
+ expect(validator.validate_each(badge, :link_url, nil)).to be_nil
+ expect(badge.errors.first[1]).to eq 'must be a valid URL'
+ end
+
+ it 'returns error when url is empty' do
+ expect(validator.validate_each(badge, :link_url, '')).to be_nil
+ expect(badge.errors.first[1]).to eq 'must be a valid URL'
+ end
+
+ it 'does not allow urls with CR or LF characters' do
+ aggregate_failures do
+ urls_with_CRLF.each do |url|
+ expect(validator.validate_each(badge, :link_url, url)[0]).to eq 'is blocked: URI is invalid'
+ end
+ end
+ end
+ end
+
 context 'by default' do
 let(:validator) { described_class.new(attributes: [:link_url]) }
 |
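Review bot: The CR/LF regression test in the second hunk may only really verify the first URL, because every iteration reuses the same `badge` and asserts on element `[0]` of `validate_each`'s return value. If that return value is the record's accumulated message list for the attribute (as `errors.add` returned in Rails of that era; the validator body is not visible here), a later URL rejected with a different message would still pass. Checking the record per URL is stricter: `badge.errors.clear`, then `validator.validate_each(badge, :link_url, url)`, then `expect(badge.errors[:link_url]).to include 'is blocked: URI is invalid'`. The loop also passes vacuously if `urls_with_CRLF` is empty, so an `expect(urls_with_CRLF).not_to be_empty` guard before it would keep this security test from silently turning into a no-op. `badge` and `urls_with_CRLF` are defined outside the hunk (the latter presumably in the 'invalid urls' shared context).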