diff options
| author | Robert Schilling <rschilling@student.tugraz.at> | 2018-08-21 11:29:51 +0200 |
|---|---|---|
| committer | Robert Schilling <rschilling@student.tugraz.at> | 2018-08-21 11:49:06 +0200 |
| commit | 72b5c9af62be8d2b5531077e09517b09be189539 (patch) | |
| tree | 843d8a2310a9ec2a55b1c83ec5e5fc2fd0f41b2f | |
| parent | cc9764acd049776a40b2188f72436b824f5b0d1a (diff) | |
| download | gitlab-ce-72b5c9af62be8d2b5531077e09517b09be189539.tar.gz | |
API: Catch empty code content for project snippets
| -rw-r--r-- | changelogs/unreleased/api-empty-project-snippets.yml | 5 | ||||
| -rw-r--r-- | lib/api/project_snippets.rb | 4 | ||||
| -rw-r--r-- | spec/requests/api/project_snippets_spec.rb | 16 |
3 files changed, 23 insertions, 2 deletions
diff --git a/changelogs/unreleased/api-empty-project-snippets.yml b/changelogs/unreleased/api-empty-project-snippets.yml new file mode 100644 index 00000000000..7b8c7c9e48d --- /dev/null +++ b/changelogs/unreleased/api-empty-project-snippets.yml @@ -0,0 +1,5 @@ +--- +title: 'API: Catch empty code content for project snippets' +merge_request: 21325 +author: Robert Schilling +type: fixed diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb index 1de5551fee9..0ada0ef4708 100644 --- a/lib/api/project_snippets.rb +++ b/lib/api/project_snippets.rb @@ -49,7 +49,7 @@ module API params do requires :title, type: String, desc: 'The title of the snippet' requires :file_name, type: String, desc: 'The file name of the snippet' - requires :code, type: String, desc: 'The content of the snippet' + requires :code, type: String, allow_blank: false, desc: 'The content of the snippet' optional :description, type: String, desc: 'The description of a snippet' requires :visibility, type: String, values: Gitlab::VisibilityLevel.string_values, @@ -78,7 +78,7 @@ module API requires :snippet_id, type: Integer, desc: 'The ID of a project snippet' optional :title, type: String, desc: 'The title of the snippet' optional :file_name, type: String, desc: 'The file name of the snippet' - optional :code, type: String, desc: 'The content of the snippet' + optional :code, type: String, allow_blank: false, desc: 'The content of the snippet' optional :description, type: String, desc: 'The description of a snippet' optional :visibility, type: String, values: Gitlab::VisibilityLevel.string_values, diff --git a/spec/requests/api/project_snippets_spec.rb b/spec/requests/api/project_snippets_spec.rb index a3b5e8c6223..5dec0bc778c 100644 --- a/spec/requests/api/project_snippets_spec.rb +++ b/spec/requests/api/project_snippets_spec.rb @@ -116,6 +116,14 @@ describe API::ProjectSnippets do expect(response).to have_gitlab_http_status(400) end + it 'returns 400 for empty code field' do + params[:code] = '' + + post api("/projects/#{project.id}/snippets/", admin), params + + expect(response).to have_gitlab_http_status(400) + end + context 'when the snippet is spam' do def create_snippet(project, snippet_params = {}) project.add_developer(user) @@ -180,6 +188,14 @@ describe API::ProjectSnippets do expect(response).to have_gitlab_http_status(400) end + it 'returns 400 for empty code field' do + new_content = '' + + put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin), code: new_content + + expect(response).to have_gitlab_http_status(400) + end + context 'when the snippet is spam' do def update_snippet(snippet_params = {}) put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}", admin), snippet_params |