Add table and model for error tracking settings

author: Reuben Pereira <rpereira@gitlab.com> 2019-01-07 20:55:21 +0300
committer: Sean McGivern <sean@gitlab.com> 2019-01-07 20:55:21 +0300
commit: f40b5860d76a8ea5d964260834a6e83516b0f1fd (patch)
tree: 2a8e92896130697178f5c989e49fa686f66ce073 /spec
parent: 549ee8ada3b59278871a89720632584bc5cc11df (diff)
7 files changed, 113 insertions, 0 deletions
diff --git a/spec/db/schema_spec.rb b/spec/db/schema_spec.rb
index 7c505ee0d43..897b4411055 100644
--- a/spec/db/schema_spec.rb
+++ b/spec/db/schema_spec.rb
@@ -64,6 +64,7 @@ describe 'Database schema' do
         let(:indexes) { connection.indexes(table) }
         let(:columns) { connection.columns(table) }
         let(:foreign_keys) { connection.foreign_keys(table) }
+        let(:primary_key_column) { connection.primary_key(table) }
 
         context 'all foreign keys' do
           # for index to be effective, the FK constraint has to be at first place
@@ -71,6 +72,12 @@ describe 'Database schema' do
             first_indexed_column = indexes.map(&:columns).map(&:first)
             foreign_keys_columns = foreign_keys.map(&:column)
 
+            # Add the primary key column to the list of indexed columns because
+            # postgres and mysql both automatically create an index on the primary
+            # key. Also, the rails connection.indexes() method does not return
+            # automatically generated indexes (like the primary key index).
+            first_indexed_column = first_indexed_column.push(primary_key_column)
+
             expect(first_indexed_column.uniq).to include(*foreign_keys_columns)
           end
         end
diff --git a/spec/factories/project_error_tracking_settings.rb b/spec/factories/project_error_tracking_settings.rb
new file mode 100644
index 00000000000..f044cbe8755
--- /dev/null
+++ b/spec/factories/project_error_tracking_settings.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+  factory :project_error_tracking_setting, class: ErrorTracking::ProjectErrorTrackingSetting do
+    project
+    api_url 'https://gitlab.com'
+    enabled true
+    token 'access_token_123'
+  end
+end
diff --git a/spec/lib/gitlab/import_export/all_models.yml b/spec/lib/gitlab/import_export/all_models.yml
index d3cae137c3c..5afa9669b1a 100644
--- a/spec/lib/gitlab/import_export/all_models.yml
+++ b/spec/lib/gitlab/import_export/all_models.yml
@@ -314,6 +314,7 @@ project:
 - repository_languages
 - pool_repository
 - kubernetes_namespaces
+- error_tracking_setting
 award_emoji:
 - awardable
 - user
@@ -345,3 +346,5 @@ resource_label_events:
 - merge_request
 - epic
 - label
+error_tracking_setting:
+- project
diff --git a/spec/lib/gitlab/import_export/safe_model_attributes.yml b/spec/lib/gitlab/import_export/safe_model_attributes.yml
index 2422868474e..fe2087e8fc3 100644
--- a/spec/lib/gitlab/import_export/safe_model_attributes.yml
+++ b/spec/lib/gitlab/import_export/safe_model_attributes.yml
@@ -600,3 +600,8 @@ ResourceLabelEvent:
 - label_id
 - user_id
 - created_at
+ErrorTracking::ProjectErrorTrackingSetting:
+- id
+- api_url
+- enabled
+- project_id
diff --git a/spec/models/error_tracking/project_error_tracking_setting_spec.rb b/spec/models/error_tracking/project_error_tracking_setting_spec.rb
new file mode 100644
index 00000000000..83f29718eda
--- /dev/null
+++ b/spec/models/error_tracking/project_error_tracking_setting_spec.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe ErrorTracking::ProjectErrorTrackingSetting do
+  set(:project) { create(:project) }
+
+  describe 'Associations' do
+    it { is_expected.to belong_to(:project) }
+  end
+
+  describe 'Validations' do
+    subject { create(:project_error_tracking_setting, project: project) }
+
+    context 'when api_url is over 255 chars' do
+      before do
+        subject.api_url = 'https://' + 'a' * 250
+      end
+
+      it 'fails validation' do
+        expect(subject).not_to be_valid
+        expect(subject.errors.messages[:api_url]).to include('is too long (maximum is 255 characters)')
+      end
+    end
+
+    context 'With unsafe url' do
+      let(:project_error_tracking_setting) { create(:project_error_tracking_setting, project: project) }
+
+      it 'fails validation' do
+        project_error_tracking_setting.api_url = "https://replaceme.com/'><script>alert(document.cookie)</script>"
+
+        expect(project_error_tracking_setting).not_to be_valid
+      end
+    end
+  end
+end
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index 65b59c7b21b..5e7345ca180 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -62,6 +62,7 @@ describe Project do
     it { is_expected.to have_one(:last_event).class_name('Event') }
     it { is_expected.to have_one(:forked_from_project).through(:fork_network_member) }
     it { is_expected.to have_one(:auto_devops).class_name('ProjectAutoDevops') }
+    it { is_expected.to have_one(:error_tracking_setting).class_name('ErrorTracking::ProjectErrorTrackingSetting') }
     it { is_expected.to have_many(:commit_statuses) }
     it { is_expected.to have_many(:ci_pipelines) }
     it { is_expected.to have_many(:builds) }
diff --git a/spec/validators/url_validator_spec.rb b/spec/validators/url_validator_spec.rb
index f3f3386382f..1bb42382e8a 100644
--- a/spec/validators/url_validator_spec.rb
+++ b/spec/validators/url_validator_spec.rb
@@ -172,4 +172,55 @@ describe UrlValidator do
       end
     end
   end
+
+  context 'when enforce_sanitization is' do
+    let(:validator) { described_class.new(attributes: [:link_url], enforce_sanitization: enforce_sanitization) }
+    let(:unsafe_url) { "https://replaceme.com/'><script>alert(document.cookie)</script>" }
+    let(:safe_url) { 'https://replaceme.com/path/to/somewhere' }
+
+    let(:unsafe_internal_url) do
+      Gitlab.config.gitlab.protocol + '://' + Gitlab.config.gitlab.host +
+        "/'><script>alert(document.cookie)</script>"
+    end
+
+    context 'true' do
+      let(:enforce_sanitization) { true }
+
+      it 'prevents unsafe urls' do
+        badge.link_url = unsafe_url
+
+        subject
+
+        expect(badge.errors.empty?).to be false
+      end
+
+      it 'prevents unsafe internal urls' do
+        badge.link_url = unsafe_internal_url
+
+        subject
+
+        expect(badge.errors.empty?).to be false
+      end
+
+      it 'allows safe urls' do
+        badge.link_url = safe_url
+
+        subject
+
+        expect(badge.errors.empty?).to be true
+      end
+    end
+
+    context 'false' do
+      let(:enforce_sanitization) { false }
+
+      it 'allows unsafe urls' do
+        badge.link_url = unsafe_url
+
+        subject
+
+        expect(badge.errors.empty?).to be true
+      end
+    end
+  end
 end
author	Reuben Pereira <rpereira@gitlab.com>	2019-01-07 20:55:21 +0300
committer	Sean McGivern <sean@gitlab.com>	2019-01-07 20:55:21 +0300
commit	f40b5860d76a8ea5d964260834a6e83516b0f1fd (patch)
tree	2a8e92896130697178f5c989e49fa686f66ce073 /spec
parent	549ee8ada3b59278871a89720632584bc5cc11df (diff)