From 7c37ef88d96e6e073d0465c4910f487adae0f245 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Mon, 30 Oct 2023 12:58:20 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@16-3-stable-ee
---
 spec/lib/gitlab/search/abuse_detection_spec.rb | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)
(limited to 'spec/lib/gitlab/search/abuse_detection_spec.rb')
diff --git a/spec/lib/gitlab/search/abuse_detection_spec.rb b/spec/lib/gitlab/search/abuse_detection_spec.rb
index f9a1d0211b9..cbf20614ba5 100644
--- a/spec/lib/gitlab/search/abuse_detection_spec.rb
+++ b/spec/lib/gitlab/search/abuse_detection_spec.rb
@@ -10,12 +10,12 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search
 describe 'abusive scopes validation' do
 it 'allows only approved scopes' do
 described_class::ALLOWED_SCOPES.each do |scope|
- expect(described_class.new(scope: scope)).to be_valid
+ expect(described_class.new({ scope: scope })).to be_valid
 end
 end
 it 'disallows anything not approved' do
- expect(described_class.new(scope: 'nope')).not_to be_valid
+ expect(described_class.new({ scope: 'nope' })).not_to be_valid
 end
 end
@@ -55,14 +55,14 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search
 it 'considers non Integers to be invalid' do
 [:project_id, :group_id].each do |param|
 [[1, 2, 3], 'xyz', 3.14, { foo: :bar }].each do |dtype|
- expect(described_class.new(param => dtype)).not_to be_valid
+ expect(described_class.new({ param => dtype })).not_to be_valid
 end
 end
 end
 it 'considers Integers to be valid' do
 [:project_id, :group_id].each do |param|
- expect(described_class.new(param => 123)).to be_valid
+ expect(described_class.new({ param => 123 })).to be_valid
 end
 end
 end
@@ -70,7 +70,7 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search
 describe 'query_string validation' do
 using ::RSpec::Parameterized::TableSyntax
- subject { described_class.new(query_string: search) }
+ subject { described_class.new({ query_string: search }) }
 let(:validation_errors) do
 subject.validate
@@ -82,11 +82,15 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search
 word | { query_string: ['stopword only abusive search detected'] }
 end
- 'x' | { query_string: ['abusive tiny search detected'] }
- ('x' * described_class::ABUSIVE_TERM_SIZE) | { query_string: ['abusive term length detected'] }
- '' | {}
- '*' | {}
- 'ruby' | {}
+ (['apples'] * (described_class::MAX_PIPE_SYNTAX_FILTERS + 1)).join('|') | { query_string: ['too many pipe syntax filters'] } # rubocop:disable Layout/LineLength
+ (['apples'] * described_class::MAX_PIPE_SYNTAX_FILTERS).join('|') | {}
+ 'x' | { query_string: ['abusive tiny search detected'] }
+ 'apples|x' | { query_string: ['abusive tiny search detected'] }
+ ('x' * described_class::ABUSIVE_TERM_SIZE) | { query_string: ['abusive term length detected'] }
+ "apples|#{'x' * described_class::ABUSIVE_TERM_SIZE}" | { query_string: ['abusive term length detected'] }
+ '' | {}
+ '*' | {}
+ 'ruby' | {}
 end
 with_them do
@@ -100,14 +104,14 @@ RSpec.describe Gitlab::Search::AbuseDetection, feature_category: :global_search
 it 'considers anything not a String invalid' do
 [:query_string, :scope, :repository_ref, :project_ref].each do |param|
 [[1, 2, 3], 123, 3.14, { foo: :bar }].each do |dtype|
- expect(described_class.new(param => dtype)).not_to be_valid
+ expect(described_class.new({ param => dtype })).not_to be_valid
 end
 end
 end
 it 'considers Strings to be valid' do
 [:query_string, :repository_ref, :project_ref].each do |param|
- expect(described_class.new(param => "foo")).to be_valid
+ expect(described_class.new({ param => "foo" })).to be_valid
 end
 end
 end
-- cgit v1.2.3
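Review bot: In the `query_string validation` table (hunk `@@ -82,11 +82,15 @@`), the new pipe-syntax rows put the abusive segment only after the `|` (`'apples|x'` and `"apples|#{'x' * described_class::ABUSIVE_TERM_SIZE}"`), so a validator that inspected only the last segment would still pass every row. Because this spec pins a limit on user-supplied search input, add the mirrored rows `'x|apples' | { query_string: ['abusive tiny search detected'] }` and `"#{'x' * described_class::ABUSIVE_TERM_SIZE}|apples" | { query_string: ['abusive term length detected'] }`. The result for empty segments such as `'apples|'` or `'apples||pears'` is also not pinned; the implementation is not visible here, so the expected outcome needs confirming before a row is added. The `where` block starts above the hunk and continues past it.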