diff options
author | Francisco Javier López <fjlopez@gitlab.com> | 2018-06-01 11:43:53 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2018-06-01 11:43:53 +0000 |
commit | 840f80d48b7d8363f171f6137cd9f1fbafb52bfc (patch) | |
tree | 612c6f9b846f9f2f3b44931db12557024c49ef66 /spec/controllers/projects | |
parent | e206e32881e4fbfcbe647d7b2ee713c99ef1bf99 (diff) | |
download | gitlab-ce-840f80d48b7d8363f171f6137cd9f1fbafb52bfc.tar.gz |
Add validation to webhook and service URLs to ensure they are not blocked because of SSRF
Diffstat (limited to 'spec/controllers/projects')
-rw-r--r-- | spec/controllers/projects/mirrors_controller_spec.rb | 2 | ||||
-rw-r--r-- | spec/controllers/projects/services_controller_spec.rb | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/spec/controllers/projects/mirrors_controller_spec.rb b/spec/controllers/projects/mirrors_controller_spec.rb index 45c1218a39c..5d64f362252 100644 --- a/spec/controllers/projects/mirrors_controller_spec.rb +++ b/spec/controllers/projects/mirrors_controller_spec.rb @@ -54,7 +54,7 @@ describe Projects::MirrorsController do do_put(project, remote_mirrors_attributes: remote_mirror_attributes) expect(response).to redirect_to(project_settings_repository_path(project)) - expect(flash[:alert]).to match(/must be a valid URL/) + expect(flash[:alert]).to match(/Only allowed protocols are/) end it 'should not create a RemoteMirror object' do diff --git a/spec/controllers/projects/services_controller_spec.rb b/spec/controllers/projects/services_controller_spec.rb index e4dc61b3a68..61f35cf325b 100644 --- a/spec/controllers/projects/services_controller_spec.rb +++ b/spec/controllers/projects/services_controller_spec.rb @@ -102,7 +102,7 @@ describe Projects::ServicesController do expect(response.status).to eq(200) expect(JSON.parse(response.body)) - .to eq('error' => true, 'message' => 'Test failed.', 'service_response' => 'Bad test') + .to eq('error' => true, 'message' => 'Test failed.', 'service_response' => 'Bad test', 'test_failed' => true) end end end |