diff options
| -rw-r--r-- | app/models/generic_commit_status.rb | 4 | ||||
| -rw-r--r-- | spec/models/generic_commit_status_spec.rb | 7 | ||||
| -rw-r--r-- | spec/requests/api/commit_statuses_spec.rb | 9 |
3 files changed, 17 insertions, 3 deletions
diff --git a/app/models/generic_commit_status.rb b/app/models/generic_commit_status.rb index 9f6ca11c0df..8867ba0d2ff 100644 --- a/app/models/generic_commit_status.rb +++ b/app/models/generic_commit_status.rb @@ -1,6 +1,10 @@ class GenericCommitStatus < CommitStatus before_validation :set_default_values + validates :target_url, addressable_url: true, + length: { maximum: 255 }, + allow_nil: true + # GitHub compatible API alias_attribute :context, :name diff --git a/spec/models/generic_commit_status_spec.rb b/spec/models/generic_commit_status_spec.rb index b17d7cfe94c..f4c3e6d503f 100644 --- a/spec/models/generic_commit_status_spec.rb +++ b/spec/models/generic_commit_status_spec.rb @@ -10,6 +10,13 @@ describe GenericCommitStatus, models: true do target_url: external_url) end + describe 'validations' do + it { is_expected.to validate_length_of(:target_url).is_at_most(255) } + it { is_expected.to allow_value(nil).for(:target_url) } + it { is_expected.to allow_value('http://gitlab.com/s').for(:target_url) } + it { is_expected.not_to allow_value('javascript:alert(1)').for(:target_url) } + end + describe '#context' do subject { generic_commit_status.context } before { generic_commit_status.context = 'my_context' } diff --git a/spec/requests/api/commit_statuses_spec.rb b/spec/requests/api/commit_statuses_spec.rb index 335efc4db6c..ffd38ff303a 100644 --- a/spec/requests/api/commit_statuses_spec.rb +++ b/spec/requests/api/commit_statuses_spec.rb @@ -152,8 +152,11 @@ describe API::CommitStatuses, api: true do context 'with all optional parameters' do before do - optional_params = { state: 'success', context: 'coverage', - ref: 'develop', target_url: 'url', description: 'test' } + optional_params = { state: 'success', + context: 'coverage', + ref: 'develop', + description: 'test', + target_url: 'http://gitlab.com/status' } post api(post_url, developer), optional_params end @@ -164,8 +167,8 @@ describe API::CommitStatuses, api: true do expect(json_response['status']).to eq('success') expect(json_response['name']).to eq('coverage') expect(json_response['ref']).to eq('develop') - expect(json_response['target_url']).to eq('url') expect(json_response['description']).to eq('test') + expect(json_response['target_url']).to eq('http://gitlab.com/status') end end |