From ba60d4f6e4f3a6d3cb56c9320f475bee8f0b38da Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Thu, 22 Jun 2017 15:33:17 +0000
Subject: Merge branch '24570-use-re2-for-user-supplied-regexp-9-3' into
 'security-9-3'

24570 use re2 for user supplied regexp 9 3

See merge request !2129
---
 spec/lib/gitlab/route_map_spec.rb | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'spec/lib/gitlab/route_map_spec.rb')

diff --git a/spec/lib/gitlab/route_map_spec.rb b/spec/lib/gitlab/route_map_spec.rb
index 21c00c6e5b8..e8feb21e4d7 100644
--- a/spec/lib/gitlab/route_map_spec.rb
+++ b/spec/lib/gitlab/route_map_spec.rb
@@ -55,6 +55,19 @@ describe Gitlab::RouteMap, lib: true do
   end
 
   describe '#public_path_for_source_path' do
+    context 'malicious regexp' do
+      include_examples 'malicious regexp'
+
+      subject do
+        map = described_class.new(<<-"MAP".strip_heredoc)
+        - source: '#{malicious_regexp}'
+          public: '/'
+        MAP
+
+        map.public_path_for_source_path(malicious_text)
+      end
+    end
+
     subject do
       described_class.new(<<-'MAP'.strip_heredoc)
         # Team data
-- 
cgit v1.2.3