Add latest changes from gitlab-org/security/gitlab@15-1-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-06-29 14:14:01 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-06-29 14:14:01 +0000
commit: a5baa12bfff6c41f6c9cf156edcf8e621f71848e (patch)
tree: 1a7f51da1300bca04a1bd070f12e66bc4955c832 /spec/lib
parent: bb51b8a098aa17b226d1e7941218512f8c835e08 (diff)
download: gitlab-ce-a5baa12bfff6c41f6c9cf156edcf8e621f71848e.tar.gz
3 files changed, 79 insertions, 27 deletions
diff --git a/spec/lib/bulk_imports/projects/pipelines/project_pipeline_spec.rb b/spec/lib/bulk_imports/projects/pipelines/project_pipeline_spec.rb
index c53c0849931..567a0a4fcc3 100644
--- a/spec/lib/bulk_imports/projects/pipelines/project_pipeline_spec.rb
+++ b/spec/lib/bulk_imports/projects/pipelines/project_pipeline_spec.rb
@@ -25,18 +25,7 @@ RSpec.describe BulkImports::Projects::Pipelines::ProjectPipeline do
     let(:project_data) do
       {
         'visibility' => 'private',
-        'created_at' => 10.days.ago,
-        'archived' => false,
-        'shared_runners_enabled' => true,
-        'container_registry_enabled' => true,
-        'only_allow_merge_if_pipeline_succeeds' => true,
-        'only_allow_merge_if_all_discussions_are_resolved' => true,
-        'request_access_enabled' => true,
-        'printing_merge_request_link_enabled' => true,
-        'remove_source_branch_after_merge' => true,
-        'autoclose_referenced_issues' => true,
-        'suggestion_commit_message' => 'message',
-        'wiki_enabled' => true
+        'created_at' => '2016-08-12T09:41:03'
       }
     end
 
@@ -58,17 +47,8 @@ RSpec.describe BulkImports::Projects::Pipelines::ProjectPipeline do
 
       expect(imported_project).not_to be_nil
       expect(imported_project.group).to eq(group)
-      expect(imported_project.suggestion_commit_message).to eq('message')
-      expect(imported_project.archived?).to eq(project_data['archived'])
-      expect(imported_project.shared_runners_enabled?).to eq(project_data['shared_runners_enabled'])
-      expect(imported_project.container_registry_enabled?).to eq(project_data['container_registry_enabled'])
-      expect(imported_project.only_allow_merge_if_pipeline_succeeds?).to eq(project_data['only_allow_merge_if_pipeline_succeeds'])
-      expect(imported_project.only_allow_merge_if_all_discussions_are_resolved?).to eq(project_data['only_allow_merge_if_all_discussions_are_resolved'])
-      expect(imported_project.request_access_enabled?).to eq(project_data['request_access_enabled'])
-      expect(imported_project.printing_merge_request_link_enabled?).to eq(project_data['printing_merge_request_link_enabled'])
-      expect(imported_project.remove_source_branch_after_merge?).to eq(project_data['remove_source_branch_after_merge'])
-      expect(imported_project.autoclose_referenced_issues?).to eq(project_data['autoclose_referenced_issues'])
-      expect(imported_project.wiki_enabled?).to eq(project_data['wiki_enabled'])
+      expect(imported_project.visibility).to eq(project_data['visibility'])
+      expect(imported_project.created_at).to eq(project_data['created_at'])
     end
   end
 
diff --git a/spec/lib/bulk_imports/projects/transformers/project_attributes_transformer_spec.rb b/spec/lib/bulk_imports/projects/transformers/project_attributes_transformer_spec.rb
index 822bb9a5605..a1d77b9732d 100644
--- a/spec/lib/bulk_imports/projects/transformers/project_attributes_transformer_spec.rb
+++ b/spec/lib/bulk_imports/projects/transformers/project_attributes_transformer_spec.rb
@@ -25,8 +25,8 @@ RSpec.describe BulkImports::Projects::Transformers::ProjectAttributesTransformer
 
     let(:data) do
       {
-        'name' => 'source_name',
-        'visibility' => 'private'
+        'visibility' => 'private',
+        'created_at' => '2016-11-18T09:29:42.634Z'
       }
     end
 
@@ -76,8 +76,21 @@ RSpec.describe BulkImports::Projects::Transformers::ProjectAttributesTransformer
       end
     end
 
-    it 'converts all keys to symbols' do
-      expect(transformed_data.keys).to contain_exactly(:name, :path, :import_type, :visibility_level, :namespace_id)
+    context 'when data has extra keys' do
+      it 'returns a fixed number of keys' do
+        data = {
+          'visibility' => 'private',
+          'created_at' => '2016-11-18T09:29:42.634Z',
+          'my_key' => 'my_key',
+          'another_key' => 'another_key',
+          'last_key' => 'last_key'
+        }
+
+        transformed_data = described_class.new.transform(context, data)
+
+        expect(transformed_data.keys)
+          .to contain_exactly(:created_at, :import_type, :name, :namespace_id, :path, :visibility_level)
+      end
     end
   end
 end
diff --git a/spec/lib/gitlab/import_export/decompressed_archive_size_validator_spec.rb b/spec/lib/gitlab/import_export/decompressed_archive_size_validator_spec.rb
index fe3b638d20f..dea584e5019 100644
--- a/spec/lib/gitlab/import_export/decompressed_archive_size_validator_spec.rb
+++ b/spec/lib/gitlab/import_export/decompressed_archive_size_validator_spec.rb
@@ -86,6 +86,65 @@ RSpec.describe Gitlab::ImportExport::DecompressedArchiveSizeValidator do
         include_examples 'logs raised exception and terminates validator process group'
       end
     end
+
+    context 'archive path validation' do
+      let(:filesize) { nil }
+
+      before do
+        expect(Gitlab::Import::Logger)
+          .to receive(:info)
+          .with(
+            import_upload_archive_path: filepath,
+            import_upload_archive_size: filesize,
+            message: error_message
+          )
+      end
+
+      context 'when archive path is traversed' do
+        let(:filepath) { '/foo/../bar' }
+        let(:error_message) { 'Invalid path' }
+
+        it 'returns false' do
+          expect(subject.valid?).to eq(false)
+        end
+      end
+
+      context 'when archive path is not a string' do
+        let(:filepath) { 123 }
+        let(:error_message) { 'Archive path is not a string' }
+
+        it 'returns false' do
+          expect(subject.valid?).to eq(false)
+        end
+      end
+
+      context 'which archive path is a symlink' do
+        let(:filepath) { File.join(Dir.tmpdir, 'symlink') }
+        let(:error_message) { 'Archive path is a symlink' }
+
+        before do
+          FileUtils.ln_s(filepath, filepath, force: true)
+        end
+
+        it 'returns false' do
+          expect(subject.valid?).to eq(false)
+        end
+      end
+
+      context 'when archive path is not a file' do
+        let(:filepath) { Dir.mktmpdir }
+        let(:filesize) { File.size(filepath) }
+        let(:error_message) { 'Archive path is not a file' }
+
+        after do
+          FileUtils.rm_rf(filepath)
+        end
+
+        it 'returns false' do
+          expect(subject.valid?).to eq(false)
+        end
+      end
+    end
   end
 
   def create_compressed_file
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-06-29 14:14:01 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-06-29 14:14:01 +0000
commit	a5baa12bfff6c41f6c9cf156edcf8e621f71848e (patch)
tree	1a7f51da1300bca04a1bd070f12e66bc4955c832 /spec/lib
parent	bb51b8a098aa17b226d1e7941218512f8c835e08 (diff)
download	gitlab-ce-a5baa12bfff6c41f6c9cf156edcf8e621f71848e.tar.gz