Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/lib/gitlab/middleware
diff options
context:
space:
mode:
Diffstat (limited to 'spec/lib/gitlab/middleware')
-rw-r--r--spec/lib/gitlab/middleware/basic_health_check_spec.rb2
-rw-r--r--spec/lib/gitlab/middleware/go_spec.rb2
-rw-r--r--spec/lib/gitlab/middleware/handle_ip_spoof_attack_error_spec.rb2
-rw-r--r--spec/lib/gitlab/middleware/multipart_spec.rb80
-rw-r--r--spec/lib/gitlab/middleware/rails_queue_duration_spec.rb2
-rw-r--r--spec/lib/gitlab/middleware/read_only_spec.rb2
-rw-r--r--spec/lib/gitlab/middleware/release_env_spec.rb2
-rw-r--r--spec/lib/gitlab/middleware/request_context_spec.rb2
-rw-r--r--spec/lib/gitlab/middleware/same_site_cookies_spec.rb2
9 files changed, 87 insertions, 9 deletions
diff --git a/spec/lib/gitlab/middleware/basic_health_check_spec.rb b/spec/lib/gitlab/middleware/basic_health_check_spec.rb
index 07fda691ac8..0ca96de38da 100644
--- a/spec/lib/gitlab/middleware/basic_health_check_spec.rb
+++ b/spec/lib/gitlab/middleware/basic_health_check_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Middleware::BasicHealthCheck do
+RSpec.describe Gitlab::Middleware::BasicHealthCheck do
let(:app) { double(:app) }
let(:middleware) { described_class.new(app) }
let(:env) { {} }
diff --git a/spec/lib/gitlab/middleware/go_spec.rb b/spec/lib/gitlab/middleware/go_spec.rb
index 43a489f6df0..1fffef53a82 100644
--- a/spec/lib/gitlab/middleware/go_spec.rb
+++ b/spec/lib/gitlab/middleware/go_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Middleware::Go do
+RSpec.describe Gitlab::Middleware::Go do
let(:app) { double(:app) }
let(:middleware) { described_class.new(app) }
let(:env) do
diff --git a/spec/lib/gitlab/middleware/handle_ip_spoof_attack_error_spec.rb b/spec/lib/gitlab/middleware/handle_ip_spoof_attack_error_spec.rb
index ccfc5e93887..553ee589c62 100644
--- a/spec/lib/gitlab/middleware/handle_ip_spoof_attack_error_spec.rb
+++ b/spec/lib/gitlab/middleware/handle_ip_spoof_attack_error_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Middleware::HandleIpSpoofAttackError do
+RSpec.describe Gitlab::Middleware::HandleIpSpoofAttackError do
let(:spoof_error) { ActionDispatch::RemoteIp::IpSpoofAttackError.new('sensitive') }
let(:standard_error) { StandardError.new('error') }
let(:app) { -> (env) { env.is_a?(Exception) ? raise(env) : env } }
diff --git a/spec/lib/gitlab/middleware/multipart_spec.rb b/spec/lib/gitlab/middleware/multipart_spec.rb
index 705164d5445..3b64fe335e8 100644
--- a/spec/lib/gitlab/middleware/multipart_spec.rb
+++ b/spec/lib/gitlab/middleware/multipart_spec.rb
@@ -4,7 +4,7 @@ require 'spec_helper'
require 'tempfile'
-describe Gitlab::Middleware::Multipart do
+RSpec.describe Gitlab::Middleware::Multipart do
include_context 'multipart middleware context'
RSpec.shared_examples_for 'multipart upload files' do
@@ -232,4 +232,82 @@ describe Gitlab::Middleware::Multipart do
middleware.call(env)
end
end
+
+ describe '#call' do
+ context 'with packages storage' do
+ using RSpec::Parameterized::TableSyntax
+
+ let(:storage_path) { 'shared/packages' }
+
+ RSpec.shared_examples 'allowing the multipart upload' do
+ it 'allows files to be uploaded' do
+ with_tmp_dir('tmp/uploads', storage_path) do |dir, env|
+ allow(Packages::PackageFileUploader).to receive(:root).and_return(File.join(dir, storage_path))
+
+ expect(app).to receive(:call) do |env|
+ expect(get_params(env)['file']).to be_a(::UploadedFile)
+ end
+
+ middleware.call(env)
+ end
+ end
+ end
+
+ RSpec.shared_examples 'not allowing the multipart upload when package upload path is used' do
+ it 'does not allow files to be uploaded' do
+ with_tmp_dir('tmp/uploads', storage_path) do |dir, env|
+ # with_tmp_dir sets the same workhorse_upload_path for all Uploaders,
+ # so we have to prevent JobArtifactUploader and LfsObjectUploader to
+ # allow the tested path
+ allow(JobArtifactUploader).to receive(:workhorse_upload_path).and_return(Dir.tmpdir)
+ allow(LfsObjectUploader).to receive(:workhorse_upload_path).and_return(Dir.tmpdir)
+
+ status, headers, body = middleware.call(env)
+
+ expect(status).to eq(400)
+ expect(headers).to eq({ 'Content-Type' => 'text/plain' })
+ expect(body).to start_with('insecure path used')
+ end
+ end
+ end
+
+ RSpec.shared_examples 'adding package storage to multipart allowed paths' do
+ before do
+ expect(::Packages::PackageFileUploader).to receive(:workhorse_upload_path).and_call_original
+ end
+
+ it_behaves_like 'allowing the multipart upload'
+ end
+
+ RSpec.shared_examples 'not adding package storage to multipart allowed paths' do
+ before do
+ expect(::Packages::PackageFileUploader).not_to receive(:workhorse_upload_path)
+ end
+
+ it_behaves_like 'not allowing the multipart upload when package upload path is used'
+ end
+
+ where(:object_storage_enabled, :direct_upload_enabled, :example_name) do
+ false | true | 'adding package storage to multipart allowed paths'
+ false | false | 'adding package storage to multipart allowed paths'
+ true | true | 'not adding package storage to multipart allowed paths'
+ true | false | 'adding package storage to multipart allowed paths'
+ end
+
+ with_them do
+ before do
+ stub_config(packages: {
+ enabled: true,
+ object_store: {
+ enabled: object_storage_enabled,
+ direct_upload: direct_upload_enabled
+ },
+ storage_path: storage_path
+ })
+ end
+
+ it_behaves_like params[:example_name]
+ end
+ end
+ end
end
diff --git a/spec/lib/gitlab/middleware/rails_queue_duration_spec.rb b/spec/lib/gitlab/middleware/rails_queue_duration_spec.rb
index 4f21bd14122..8f9b0aec9eb 100644
--- a/spec/lib/gitlab/middleware/rails_queue_duration_spec.rb
+++ b/spec/lib/gitlab/middleware/rails_queue_duration_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Middleware::RailsQueueDuration do
+RSpec.describe Gitlab::Middleware::RailsQueueDuration do
let(:app) { double(:app) }
let(:middleware) { described_class.new(app) }
let(:env) { {} }
diff --git a/spec/lib/gitlab/middleware/read_only_spec.rb b/spec/lib/gitlab/middleware/read_only_spec.rb
index c7e9b38e3ca..3bdf2a5077f 100644
--- a/spec/lib/gitlab/middleware/read_only_spec.rb
+++ b/spec/lib/gitlab/middleware/read_only_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Middleware::ReadOnly do
+RSpec.describe Gitlab::Middleware::ReadOnly do
include Rack::Test::Methods
using RSpec::Parameterized::TableSyntax
diff --git a/spec/lib/gitlab/middleware/release_env_spec.rb b/spec/lib/gitlab/middleware/release_env_spec.rb
index 3ca40f4ebd0..ca0ec0b9d83 100644
--- a/spec/lib/gitlab/middleware/release_env_spec.rb
+++ b/spec/lib/gitlab/middleware/release_env_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Middleware::ReleaseEnv do
+RSpec.describe Gitlab::Middleware::ReleaseEnv do
let(:inner_app) { double(:app, call: 'yay') }
let(:app) { described_class.new(inner_app) }
let(:env) { { 'action_controller.instance' => 'something' } }
diff --git a/spec/lib/gitlab/middleware/request_context_spec.rb b/spec/lib/gitlab/middleware/request_context_spec.rb
index 1ed06a97c1e..431f4453e37 100644
--- a/spec/lib/gitlab/middleware/request_context_spec.rb
+++ b/spec/lib/gitlab/middleware/request_context_spec.rb
@@ -4,7 +4,7 @@ require 'rack'
require 'request_store'
require_relative '../../../support/helpers/next_instance_of'
-describe Gitlab::Middleware::RequestContext do
+RSpec.describe Gitlab::Middleware::RequestContext do
include NextInstanceOf
let(:app) { -> (env) {} }
diff --git a/spec/lib/gitlab/middleware/same_site_cookies_spec.rb b/spec/lib/gitlab/middleware/same_site_cookies_spec.rb
index 0cf1028a930..7c5262ca318 100644
--- a/spec/lib/gitlab/middleware/same_site_cookies_spec.rb
+++ b/spec/lib/gitlab/middleware/same_site_cookies_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-describe Gitlab::Middleware::SameSiteCookies do
+RSpec.describe Gitlab::Middleware::SameSiteCookies do
include Rack::Test::Methods
let(:mock_app) do
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-14 20:43:54 +0300