diff options
| author | James Lopez <james@gitlab.com> | 2018-01-08 15:42:41 +0000 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2018-01-16 17:04:51 -0800 |
| commit | 532a0b60184800b0442723498d5257c20d20a8aa (patch) | |
| tree | 50244d4e6b32983e0f960d9c2ee0e9e6ff295329 /spec/lib | |
| parent | 791ca43f3f8f12451ee1e70efc90f5d82347af93 (diff) | |
| download | gitlab-ce-532a0b60184800b0442723498d5257c20d20a8aa.tar.gz | |
Merge branch 'fix/import-rce-10-3' into 'security-10-3'
[10.3] Fix RCE via project import mechanism
See merge request gitlab/gitlabhq!2294
(cherry picked from commit dcfec507d6f9ee119d65a832393e7c593af1d3b2)
86d75812 Fix RCE via project import mechanism
Diffstat (limited to 'spec/lib')
| -rw-r--r-- | spec/lib/gitlab/import_export/file_importer_spec.rb | 57 |
1 files changed, 44 insertions, 13 deletions
diff --git a/spec/lib/gitlab/import_export/file_importer_spec.rb b/spec/lib/gitlab/import_export/file_importer_spec.rb index 162b776e107..5cdc5138fda 100644 --- a/spec/lib/gitlab/import_export/file_importer_spec.rb +++ b/spec/lib/gitlab/import_export/file_importer_spec.rb @@ -12,30 +12,61 @@ describe Gitlab::ImportExport::FileImporter do stub_const('Gitlab::ImportExport::FileImporter::MAX_RETRIES', 0) allow_any_instance_of(Gitlab::ImportExport).to receive(:storage_path).and_return(export_path) allow_any_instance_of(Gitlab::ImportExport::CommandLineUtil).to receive(:untar_zxf).and_return(true) - + allow(SecureRandom).to receive(:hex).and_return('abcd') setup_files - - described_class.import(archive_file: '', shared: shared) end after do FileUtils.rm_rf(export_path) end - it 'removes symlinks in root folder' do - expect(File.exist?(symlink_file)).to be false - end + context 'normal run' do + before do + described_class.import(archive_file: '', shared: shared) + end - it 'removes hidden symlinks in root folder' do - expect(File.exist?(hidden_symlink_file)).to be false - end + it 'removes symlinks in root folder' do + expect(File.exist?(symlink_file)).to be false + end + + it 'removes hidden symlinks in root folder' do + expect(File.exist?(hidden_symlink_file)).to be false + end + + it 'removes symlinks in subfolders' do + expect(File.exist?(subfolder_symlink_file)).to be false + end - it 'removes symlinks in subfolders' do - expect(File.exist?(subfolder_symlink_file)).to be false + it 'does not remove a valid file' do + expect(File.exist?(valid_file)).to be true + end + + it 'creates the file in the right subfolder' do + expect(shared.export_path).to include('test/abcd') + end end - it 'does not remove a valid file' do - expect(File.exist?(valid_file)).to be true + context 'error' do + before do + allow_any_instance_of(described_class).to receive(:wait_for_archived_file).and_raise(StandardError) + described_class.import(archive_file: '', shared: shared) + end + + it 'removes symlinks in root folder' do + expect(File.exist?(symlink_file)).to be false + end + + it 'removes hidden symlinks in root folder' do + expect(File.exist?(hidden_symlink_file)).to be false + end + + it 'removes symlinks in subfolders' do + expect(File.exist?(subfolder_symlink_file)).to be false + end + + it 'does not remove a valid file' do + expect(File.exist?(valid_file)).to be true + end end def setup_files |