diff options
Diffstat (limited to 'spec/lib/gitlab/path_regex_spec.rb')
| -rw-r--r-- | spec/lib/gitlab/path_regex_spec.rb | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/spec/lib/gitlab/path_regex_spec.rb b/spec/lib/gitlab/path_regex_spec.rb index 7cecc29afa4..f320b8a66e8 100644 --- a/spec/lib/gitlab/path_regex_spec.rb +++ b/spec/lib/gitlab/path_regex_spec.rb @@ -101,10 +101,15 @@ RSpec.describe Gitlab::PathRegex do .concat(ee_top_level_words) .concat(files_in_public) .concat(Array(API::API.prefix.to_s)) + .concat(sitemap_words) .compact .uniq end + let(:sitemap_words) do + %w(sitemap sitemap.xml sitemap.xml.gz) + end + let(:ee_top_level_words) do %w(unsubscribes v2) end @@ -172,7 +177,7 @@ RSpec.describe Gitlab::PathRegex do # We ban new items in this list, see https://gitlab.com/gitlab-org/gitlab/-/issues/215362 it 'does not allow expansion' do - expect(described_class::TOP_LEVEL_ROUTES.size).to eq(41) + expect(described_class::TOP_LEVEL_ROUTES.size).to eq(44) end end @@ -218,6 +223,8 @@ RSpec.describe Gitlab::PathRegex do expect(subject).not_to match('admin/') expect(subject).not_to match('api/') expect(subject).not_to match('.well-known/') + expect(subject).not_to match('sitemap.xml/') + expect(subject).not_to match('sitemap.xml.gz/') end it 'accepts project wildcard routes' do @@ -458,4 +465,34 @@ RSpec.describe Gitlab::PathRegex do it_behaves_like 'invalid snippet routes' end + + describe '.container_image_regex' do + subject { described_class.container_image_regex } + + it { is_expected.to match('gitlab-foss') } + it { is_expected.to match('gitlab_foss') } + it { is_expected.to match('gitlab-org/gitlab-foss') } + it { is_expected.to match('100px.com/100px.ruby') } + + it 'only matches at most one slash' do + expect(subject.match('foo/bar/baz')[0]).to eq('foo/bar') + end + + it 'does not match other non-word characters' do + expect(subject.match('ruby:2.7.0')[0]).to eq('ruby') + end + end + + describe '.container_image_blob_sha_regex' do + subject { described_class.container_image_blob_sha_regex } + + it { is_expected.to match('sha256:asdf1234567890ASDF') } + it { is_expected.to match('foo:123') } + it { is_expected.to match('a12bc3f590szp') } + it { is_expected.not_to match('') } + + it 'does not match malicious characters' do + expect(subject.match('sha256:asdf1234%2f')[0]).to eq('sha256:asdf1234') + end + end end |