author | Stan Hu <stanhu@gmail.com> | 2018-10-08 09:16:45 +0300 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2018-10-08 23:32:31 +0300 |
commit | 22d7c1379fea684dc09e9347e134741fb6b5b2c6 (patch) | |
tree | f9f818bc18c9612f38410353ff018230df8f28db /spec | |
parent | c3389c8006443e2b4d994eb15e60bd249fc4732f (diff) |
Reject invalid branch names in repository compare controller
Closes #51003
Diffstat (limited to 'spec')
-rw-r--r-- | spec/controllers/projects/compare_controller_spec.rb | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/spec/controllers/projects/compare_controller_spec.rb b/spec/controllers/projects/compare_controller_spec.rb
index 8695aa826bb..17883d0fadd 100644
--- a/spec/controllers/projects/compare_controller_spec.rb
+++ b/spec/controllers/projects/compare_controller_spec.rb
@@ -97,6 +97,30 @@ describe Projects::CompareController do
 expect(assigns(:commits)).to eq([])
 end
 end
+
+ context 'when the target ref is invalid' do
+ let(:target_ref) { "master%' AND 2554=4423 AND '%'='" }
+ let(:source_ref) { "improve%2Fawesome" }
+
+ it 'shows a flash message and redirects' do
+ show_request
+
+ expect(flash[:alert]).to eq('Invalid branch name')
+ expect(response).to have_http_status(302)
+ end
+ end
+
+ context 'when the source ref is invalid' do
+ let(:source_ref) { "master%' AND 2554=4423 AND '%'='" }
+ let(:target_ref) { "improve%2Fawesome" }
+
+ it 'shows a flash message and redirects' do
+ show_request
+
+ expect(flash[:alert]).to eq('Invalid branch name')
+ expect(response).to have_http_status(302)
+ end
+ end
 end
 
 describe 'GET diff_for_path' do
|
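Review bot: Both new contexts assert only the flash text and a bare 302, so they do not pin where the user is sent or show that the rejected ref never reached the comparison code. Adding a `redirect_to` expectation for the intended destination next to `have_http_status(302)` would make the rejection path explicit. The two contexts also share one quote-and-operator string; a comment on the `let` such as `# SQL-injection-style probe: must fail branch-name validation before any lookup` would record why this value was chosen. The validation itself is not visible in this spec-only view. It would be worth confirming it is a general ref-name check and adding cases for other malformed names (embedded spaces, `..`, control characters) so the spec does not depend on this one pattern. The enclosing `describe` block starts outside the hunk.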