Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec
diff options
context:
space:
mode:
authorStan Hu <stanhu@gmail.com>2018-10-08 09:16:45 +0300
committerStan Hu <stanhu@gmail.com>2018-10-08 23:32:31 +0300
commit22d7c1379fea684dc09e9347e134741fb6b5b2c6 (patch)
treef9f818bc18c9612f38410353ff018230df8f28db /spec
parentc3389c8006443e2b4d994eb15e60bd249fc4732f (diff)
Reject invalid branch names in repository compare controller
Closes #51003
Diffstat (limited to 'spec')
-rw-r--r--spec/controllers/projects/compare_controller_spec.rb24
1 files changed, 24 insertions, 0 deletions
diff --git a/spec/controllers/projects/compare_controller_spec.rb b/spec/controllers/projects/compare_controller_spec.rb
index 8695aa826bb..17883d0fadd 100644
--- a/spec/controllers/projects/compare_controller_spec.rb
+++ b/spec/controllers/projects/compare_controller_spec.rb
@@ -97,6 +97,30 @@ describe Projects::CompareController do
expect(assigns(:commits)).to eq([])
end
end
+
+ context 'when the target ref is invalid' do
+ let(:target_ref) { "master%' AND 2554=4423 AND '%'='" }
+ let(:source_ref) { "improve%2Fawesome" }
+
+ it 'shows a flash message and redirects' do
+ show_request
+
+ expect(flash[:alert]).to eq('Invalid branch name')
+ expect(response).to have_http_status(302)
+ end
+ end
+
+ context 'when the source ref is invalid' do
+ let(:source_ref) { "master%' AND 2554=4423 AND '%'='" }
+ let(:target_ref) { "improve%2Fawesome" }
+
+ it 'shows a flash message and redirects' do
+ show_request
+
+ expect(flash[:alert]).to eq('Invalid branch name')
+ expect(response).to have_http_status(302)
+ end
+ end
end
describe 'GET diff_for_path' do
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-29 12:53:56 +0300