diff options
| author | Douwe Maan <douwe@gitlab.com> | 2018-10-09 12:00:28 +0300 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2018-10-09 12:00:28 +0300 |
| commit | 0c9a6c348b86bcebe72047b93bf46f4a49f998f8 (patch) | |
| tree | 94ef1028351ac270c27067ebf37d7e794f376c28 /spec | |
| parent | a78269289e1b6b08afe5e67c6d6af59b9e10acc6 (diff) | |
| parent | 22d7c1379fea684dc09e9347e134741fb6b5b2c6 (diff) | |
Merge branch 'sh-handle-invalid-comparison' into 'master'
Reject invalid branch names in repository compare controller
Closes #51003
See merge request gitlab-org/gitlab-ce!22186
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/controllers/projects/compare_controller_spec.rb | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/spec/controllers/projects/compare_controller_spec.rb b/spec/controllers/projects/compare_controller_spec.rb index 8695aa826bb..17883d0fadd 100644 --- a/spec/controllers/projects/compare_controller_spec.rb +++ b/spec/controllers/projects/compare_controller_spec.rb @@ -97,6 +97,30 @@ describe Projects::CompareController do expect(assigns(:commits)).to eq([]) end end + + context 'when the target ref is invalid' do + let(:target_ref) { "master%' AND 2554=4423 AND '%'='" } + let(:source_ref) { "improve%2Fawesome" } + + it 'shows a flash message and redirects' do + show_request + + expect(flash[:alert]).to eq('Invalid branch name') + expect(response).to have_http_status(302) + end + end + + context 'when the source ref is invalid' do + let(:source_ref) { "master%' AND 2554=4423 AND '%'='" } + let(:target_ref) { "improve%2Fawesome" } + + it 'shows a flash message and redirects' do + show_request + + expect(flash[:alert]).to eq('Invalid branch name') + expect(response).to have_http_status(302) + end + end end describe 'GET diff_for_path' do |