From 430576c997e7cfc61b003cf6dbf12817ef899eef Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Tue, 1 Nov 2022 11:52:43 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@15-5-stable-ee
---
 spec/requests/api/ci/secure_files_spec.rb | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'spec/requests/api')
diff --git a/spec/requests/api/ci/secure_files_spec.rb b/spec/requests/api/ci/secure_files_spec.rb
index f1f22dfadc2..0b8116d5e20 100644
--- a/spec/requests/api/ci/secure_files_spec.rb
+++ b/spec/requests/api/ci/secure_files_spec.rb
@@ -341,6 +341,15 @@ RSpec.describe API::Ci::SecureFiles do
 expect(response).to have_gitlab_http_status(:payload_too_large)
 end
+
+ it 'returns an error when and invalid file name is supplied' do
+ params = file_params.merge(name: '../../upload-keystore.jks')
+ expect do
+ post api("/projects/#{project.id}/secure_files", maintainer), params: params
+ end.not_to change { project.secure_files.count }
+
+ expect(response).to have_gitlab_http_status(:internal_server_error)
+ end
 end
 context 'authenticated user with read permissions' do
--
cgit v1.2.3
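Review bot: The added example pins `:internal_server_error` as the response to a file name containing `../`, which makes a server-side failure the tested contract for rejected client input. The endpoint code is not in this hunk, so the cause of the 500 is inferred. If the name is rejected by validation, the spec should assert a client error instead, e.g. `expect(response).to have_gitlab_http_status(:bad_request)`, so traversal attempts do not surface as server faults in monitoring. The `project.secure_files.count` check shows only that no record was created; it does not show that nothing was written to storage before the request failed. The description also has a typo and should read `it 'returns an error when an invalid file name is supplied' do`. The enclosing `context` begins above the hunk.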