
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'spec/services/search_service_spec.rb')
-rw-r--r--spec/services/search_service_spec.rb104
1 files changed, 94 insertions, 10 deletions
diff --git a/spec/services/search_service_spec.rb b/spec/services/search_service_spec.rb
index 40fb257b23e..d7a36ff370e 100644
--- a/spec/services/search_service_spec.rb
+++ b/spec/services/search_service_spec.rb
@@ -20,6 +20,7 @@ RSpec.describe SearchService do
let(:page) { 1 }
let(:per_page) { described_class::DEFAULT_PER_PAGE }
+ let(:valid_search) { "what is love?" }
subject(:search_service) { described_class.new(user, search: search, scope: scope, page: page, per_page: per_page) }
@@ -30,7 +31,7 @@ RSpec.describe SearchService do
describe '#project' do
context 'when the project is accessible' do
it 'returns the project' do
- project = described_class.new(user, project_id: accessible_project.id).project
+ project = described_class.new(user, project_id: accessible_project.id, search: valid_search).project
expect(project).to eq accessible_project
end
@@ -39,7 +40,7 @@ RSpec.describe SearchService do
search_project = create :project
search_project.add_guest(user)
- project = described_class.new(user, project_id: search_project.id).project
+ project = described_class.new(user, project_id: search_project.id, search: valid_search).project
expect(project).to eq search_project
end
@@ -47,7 +48,7 @@ RSpec.describe SearchService do
context 'when the project is not accessible' do
it 'returns nil' do
- project = described_class.new(user, project_id: inaccessible_project.id).project
+ project = described_class.new(user, project_id: inaccessible_project.id, search: valid_search).project
expect(project).to be_nil
end
@@ -55,7 +56,7 @@ RSpec.describe SearchService do
context 'when there is no project_id' do
it 'returns nil' do
- project = described_class.new(user).project
+ project = described_class.new(user, search: valid_search).project
expect(project).to be_nil
end
@@ -65,7 +66,7 @@ RSpec.describe SearchService do
describe '#group' do
context 'when the group is accessible' do
it 'returns the group' do
- group = described_class.new(user, group_id: accessible_group.id).group
+ group = described_class.new(user, group_id: accessible_group.id, search: valid_search).group
expect(group).to eq accessible_group
end
@@ -73,7 +74,7 @@ RSpec.describe SearchService do
context 'when the group is not accessible' do
it 'returns nil' do
- group = described_class.new(user, group_id: inaccessible_group.id).group
+ group = described_class.new(user, group_id: inaccessible_group.id, search: valid_search).group
expect(group).to be_nil
end
@@ -81,7 +82,7 @@ RSpec.describe SearchService do
context 'when there is no group_id' do
it 'returns nil' do
- group = described_class.new(user).group
+ group = described_class.new(user, search: valid_search).group
expect(group).to be_nil
end
@@ -118,7 +119,7 @@ RSpec.describe SearchService do
context 'with accessible project_id' do
context 'and allowed scope' do
it 'returns the specified scope' do
- scope = described_class.new(user, project_id: accessible_project.id, scope: 'notes').scope
+ scope = described_class.new(user, project_id: accessible_project.id, scope: 'notes', search: valid_search).scope
expect(scope).to eq 'notes'
end
@@ -126,7 +127,7 @@ RSpec.describe SearchService do
context 'and disallowed scope' do
it 'returns the default scope' do
- scope = described_class.new(user, project_id: accessible_project.id, scope: 'projects').scope
+ scope = described_class.new(user, project_id: accessible_project.id, scope: 'projects', search: valid_search).scope
expect(scope).to eq 'blobs'
end
@@ -134,7 +135,7 @@ RSpec.describe SearchService do
context 'and no scope' do
it 'returns the default scope' do
- scope = described_class.new(user, project_id: accessible_project.id).scope
+ scope = described_class.new(user, project_id: accessible_project.id, search: valid_search).scope
expect(scope).to eq 'blobs'
end
@@ -552,4 +553,87 @@ RSpec.describe SearchService do
end
end
end
+
+ describe '#valid_request?' do
+ let(:scope) { 'issues' }
+ let(:search) { 'foobar' }
+ let(:params) { instance_double(Gitlab::Search::Params) }
+
+ before do
+ allow(Gitlab::Search::Params).to receive(:new).and_return(params)
+ allow(params).to receive(:valid?).and_return double(:valid?)
+ end
+
+ it 'is the return value of params.valid?' do
+ expect(subject.valid_request?).to eq(params.valid?)
+ end
+ end
+
+ describe '#abuse_messages' do
+ let(:scope) { 'issues' }
+ let(:search) { 'foobar' }
+ let(:params) { instance_double(Gitlab::Search::Params) }
+
+ before do
+ allow(Gitlab::Search::Params).to receive(:new).and_return(params)
+ end
+
+ it 'returns an empty array when not abusive' do
+ allow(params).to receive(:abusive?).and_return false
+ expect(subject.abuse_messages).to match_array([])
+ end
+
+ it 'calls on abuse_detection.errors.full_messages when abusive' do
+ allow(params).to receive(:abusive?).and_return true
+ expect(params).to receive_message_chain(:abuse_detection, :errors, :full_messages)
+ subject.abuse_messages
+ end
+ end
+
+ describe 'abusive search handling' do
+ subject { described_class.new(user, raw_params) }
+
+ let(:raw_params) { { search: search, scope: scope } }
+ let(:search) { 'foobar' }
+
+ let(:search_service) { double(:search_service) }
+
+ before do
+ stub_feature_flags(prevent_abusive_searches: should_detect_abuse)
+ expect(Gitlab::Search::Params).to receive(:new)
+ .with(raw_params, detect_abuse: should_detect_abuse).and_call_original
+
+ allow(subject).to receive(:search_service).and_return search_service
+ end
+
+ context 'when abusive search but prevent_abusive_searches FF is disabled' do
+ let(:should_detect_abuse) { false }
+ let(:scope) { '1;drop%20table' }
+
+ it 'executes search even if params are abusive' do
+ expect(search_service).to receive(:execute)
+ subject.search_results
+ end
+ end
+
+ context 'a search is abusive' do
+ let(:should_detect_abuse) { true }
+ let(:scope) { '1;drop%20table' }
+
+ it 'does NOT execute search service' do
+ expect(search_service).not_to receive(:execute)
+ subject.search_results
+ end
+ end
+
+ context 'a search is NOT abusive' do
+ let(:should_detect_abuse) { true }
+ let(:scope) { 'issues' }
+
+ it 'executes search service' do
+ expect(search_service).to receive(:execute)
+ subject.search_results
+ end
+ end
+ end
end
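Review bot: In the 'a search is abusive' context the only assertion is `expect(search_service).not_to receive(:execute)`, so the example passes for any reason `execute` is skipped and never pins what the caller gets back for a rejected request. I would add a positive assertion beside it, for instance `expect(subject.abuse_messages).not_to be_empty` (assuming the real `Gitlab::Search::Params` reports errors for this scope; confirm), plus a check on the value `search_results` returns in that case. Only `scope` is given an abusive value in this block; the other parameters are presumably covered in the params or abuse-detection specs, which is worth verifying. Separately, `let(:search_service) { double(:search_service) }` reuses the name of the `subject(:search_service)` declared near the top of this spec, which makes the stub easy to misread; a distinct name such as `inner_search_service` would be clearer.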