diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-30 12:22:09 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-30 12:22:09 +0000 |
commit | eba52140851d2fb08665119c0a3997d0612ccb88 (patch) | |
tree | 4bc562fadc518009435642e0bd265c8fb5bdc5a5 /spec/models/design_management | |
parent | 2da7c8579601c14a93d4291b8cf5fa39c6eeabd8 (diff) | |
download | gitlab-ce-eba52140851d2fb08665119c0a3997d0612ccb88.tar.gz |
Add latest changes from gitlab-org/security/gitlab@14-2-stable-ee
Diffstat (limited to 'spec/models/design_management')
-rw-r--r-- | spec/models/design_management/design_spec.rb | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/spec/models/design_management/design_spec.rb b/spec/models/design_management/design_spec.rb index f2ce5e42eaf..b0601ea3f08 100644 --- a/spec/models/design_management/design_spec.rb +++ b/spec/models/design_management/design_spec.rb @@ -572,6 +572,12 @@ RSpec.describe DesignManagement::Design do expect(described_class.link_reference_pattern).not_to match(url_for_designs(issue)) end + it 'intentionally ignores filenames with any special character' do + design = build(:design, issue: issue, filename: '"invalid') + + expect(described_class.link_reference_pattern).not_to match(url_for_design(design)) + end + where(:ext) do (described_class::SAFE_IMAGE_EXT + described_class::DANGEROUS_IMAGE_EXT).flat_map do |ext| [[ext], [ext.upcase]] @@ -593,14 +599,6 @@ RSpec.describe DesignManagement::Design do ) end - context 'the file needs to be encoded' do - let(:filename) { "my file.#{ext}" } - - it 'extracts the encoded filename' do - expect(captures).to include('url_filename' => 'my%20file.' + ext) - end - end - context 'the file is all upper case' do let(:filename) { "file.#{ext}".upcase } |