author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-08-26 14:39:41 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-08-26 14:39:41 +0000 |
commit | 93fd80667dcfbacca2b41168da6fcb3f67c0899b (patch) | |
tree | 17d0bd9c303b7a0dbed87811e438d10fee49991f /spec/initializers | |
parent | f332982c82ad95ae2ee22242c39f78717613165f (diff) | |
download | gitlab-ce-93fd80667dcfbacca2b41168da6fcb3f67c0899b.tar.gz |
Add latest changes from gitlab-org/security/gitlab@15-3-stable-ee
Diffstat (limited to 'spec/initializers')
-rw-r--r-- | spec/initializers/rack_VULNDB-255039_patch_spec.rb | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/spec/initializers/rack_VULNDB-255039_patch_spec.rb b/spec/initializers/rack_VULNDB-255039_patch_spec.rb
new file mode 100644
index 00000000000..754ff2f10e0
--- /dev/null
+++ b/spec/initializers/rack_VULNDB-255039_patch_spec.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Rack VULNDB-255039' do
+ context 'when handling query params in GET requests' do
+ it 'does not treat semicolons as query delimiters' do
+ env = ::Rack::MockRequest.env_for('http://gitlab.com?a=b;c=1')
+
+ query_hash = ::Rack::Request.new(env).GET
+
+ # Prior to this patch, this was splitting around the semicolon, which
+ # would return {"a"=>"b", "c"=>"1"}
+ expect(query_hash).to eq({ "a" => "b;c=1" })
+ end
+ end
+end |
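Review bot: The only example pins the `;` case through `Request#GET`, so the spec would still pass if the patched parser stopped splitting on `&` as well, and it says nothing about nested keys. Add a positive control next to it, for example `expect(::Rack::Request.new(::Rack::MockRequest.env_for('http://gitlab.com?a=b&c=1')).GET).to eq({ "a" => "b", "c" => "1" })`, and a nested case such as `a[x]=1;b=2` if the initializer also touches nested parsing. The initializer itself is not on this page, so which Rack entry points it patches is an assumption; if form-encoded bodies go through the same parser, a matching `POST` example would keep the two in step. A short comment stating why the delimiter matters (an upstream cache or proxy that splits only on `&` would otherwise see different parameters than the application does) would help whoever removes the patch after a Rack upgrade.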