diff options
| author | Stan Hu <stanhu@gmail.com> | 2018-12-26 10:34:47 +0300 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2019-04-15 01:26:25 +0300 |
| commit | e675fe4621bc5668d5d9b72961a38be72baf23dd (patch) | |
| tree | cb4c8593d12c0bfa3cc223973052d4a657fb510c /spec | |
| parent | d2d9fb9a863909d1002029ddd19247b52264ab4d (diff) | |
Validate refs used in controllers don't have spaces
This avoids an unnecessary call to Gitaly and reduces gRPC errors.
* Closes https://gitlab.com/gitlab-org/gitaly/issues/1425
* Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/58572
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/controllers/projects/tree_controller_spec.rb | 20 | ||||
| -rw-r--r-- | spec/lib/extracts_path_spec.rb | 30 |
2 files changed, 50 insertions, 0 deletions
diff --git a/spec/controllers/projects/tree_controller_spec.rb b/spec/controllers/projects/tree_controller_spec.rb index 78201498eaa..6d9a0be6f2e 100644 --- a/spec/controllers/projects/tree_controller_spec.rb +++ b/spec/controllers/projects/tree_controller_spec.rb @@ -72,6 +72,26 @@ describe Projects::TreeController do end end + describe 'GET show with whitespace in ref' do + render_views + + let(:id) { "this ref/api/responses" } + + it 'does not call make a Gitaly request' do + allow(::Gitlab::GitalyClient).to receive(:call).and_call_original + expect(::Gitlab::GitalyClient).not_to receive(:call).with(anything, :commit_service, :find_commit, anything, anything) + + get(:show, + params: { + namespace_id: project.namespace.to_param, + project_id: project, + id: id + }) + + expect(response).to have_gitlab_http_status(:not_found) + end + end + describe 'GET show with blob path' do render_views diff --git a/spec/lib/extracts_path_spec.rb b/spec/lib/extracts_path_spec.rb index e0691aba600..21ba72953fb 100644 --- a/spec/lib/extracts_path_spec.rb +++ b/spec/lib/extracts_path_spec.rb @@ -44,6 +44,36 @@ describe ExtractsPath do end end + context 'ref contains trailing space' do + let(:ref) { 'master ' } + + it 'strips surrounding space' do + assign_ref_vars + + expect(@ref).to eq('master') + end + end + + context 'ref contains leading space' do + let(:ref) { ' master ' } + + it 'strips surrounding space' do + assign_ref_vars + + expect(@ref).to eq('master') + end + end + + context 'ref contains space in the middle' do + let(:ref) { 'master plan ' } + + it 'returns 404' do + expect(self).to receive(:render_404) + + assign_ref_vars + end + end + context 'path contains space' do let(:params) { { path: 'with space', ref: '38008cb17ce1466d8fec2dfa6f6ab8dcfe5cf49e' } } |