diff options
author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-01-18 14:02:44 +0300 |
---|---|---|
committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2017-01-18 14:07:19 +0300 |
commit | 53f4f849956e10ccbbf4a9011b46b84da33129b0 (patch) | |
tree | ba1e9d8d52e64b26b07b5c7eba80f94f5e79b1a9 /spec | |
parent | 2e088c06d1ebb5f33469da0eb07664cd170207cc (diff) |
Add URL validations for generic commit statuses
Diffstat (limited to 'spec')
-rw-r--r-- | spec/models/generic_commit_status_spec.rb | 7 | ||||
-rw-r--r-- | spec/requests/api/commit_statuses_spec.rb | 9 |
2 files changed, 13 insertions, 3 deletions
diff --git a/spec/models/generic_commit_status_spec.rb b/spec/models/generic_commit_status_spec.rb index b17d7cfe94c..f4c3e6d503f 100644 --- a/spec/models/generic_commit_status_spec.rb +++ b/spec/models/generic_commit_status_spec.rb @@ -10,6 +10,13 @@ describe GenericCommitStatus, models: true do target_url: external_url) end + describe 'validations' do + it { is_expected.to validate_length_of(:target_url).is_at_most(255) } + it { is_expected.to allow_value(nil).for(:target_url) } + it { is_expected.to allow_value('http://gitlab.com/s').for(:target_url) } + it { is_expected.not_to allow_value('javascript:alert(1)').for(:target_url) } + end + describe '#context' do subject { generic_commit_status.context } before { generic_commit_status.context = 'my_context' } diff --git a/spec/requests/api/commit_statuses_spec.rb b/spec/requests/api/commit_statuses_spec.rb index 335efc4db6c..ffd38ff303a 100644 --- a/spec/requests/api/commit_statuses_spec.rb +++ b/spec/requests/api/commit_statuses_spec.rb @@ -152,8 +152,11 @@ describe API::CommitStatuses, api: true do context 'with all optional parameters' do before do - optional_params = { state: 'success', context: 'coverage', - ref: 'develop', target_url: 'url', description: 'test' } + optional_params = { state: 'success', + context: 'coverage', + ref: 'develop', + description: 'test', + target_url: 'http://gitlab.com/status' } post api(post_url, developer), optional_params end @@ -164,8 +167,8 @@ describe API::CommitStatuses, api: true do expect(json_response['status']).to eq('success') expect(json_response['name']).to eq('coverage') expect(json_response['ref']).to eq('develop') - expect(json_response['target_url']).to eq('url') expect(json_response['description']).to eq('test') + expect(json_response['target_url']).to eq('http://gitlab.com/status') end end |