diff options
author | Mark Chao <mchao@gitlab.com> | 2019-04-10 11:39:45 +0800 |
---|---|---|
committer | Mark Chao <mchao@gitlab.com> | 2019-05-03 03:02:58 +0800 |
commit | d8bddb16624f34600069bb5d3540960b25176381 (patch) | |
tree | 6e38172e12eb8d5a5c1645b30cccdda9f7f08809 /spec/models/merge_request_spec.rb | |
parent | 74ac04a6aa7a9398ed908f47080e64ec40e0dee8 (diff) | |
download | gitlab-ce-d8bddb16624f34600069bb5d3540960b25176381.tar.gz |
Validate MR branch names
Prevents refspec as branch name, which would bypass branch protection
when used in conjunction with rebase.
HEAD seems to be a special case with lots of occurrence,
so it is considered valid for now.
Another special case is `refs/head/*`, which can be imported.
Diffstat (limited to 'spec/models/merge_request_spec.rb')
-rw-r--r-- | spec/models/merge_request_spec.rb | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/spec/models/merge_request_spec.rb b/spec/models/merge_request_spec.rb index 6f34ef9c1bc..2b78e1e361e 100644 --- a/spec/models/merge_request_spec.rb +++ b/spec/models/merge_request_spec.rb @@ -150,6 +150,42 @@ describe MergeRequest do end end + context 'for branch' do + before do + stub_feature_flags(stricter_mr_branch_name: false) + end + + using RSpec::Parameterized::TableSyntax + + where(:branch_name, :valid) do + 'foo' | true + 'foo:bar' | false + '+foo:bar' | false + 'foo bar' | false + '-foo' | false + 'HEAD' | true + 'refs/heads/master' | true + end + + with_them do + it "validates source_branch" do + subject = build(:merge_request, source_branch: branch_name, target_branch: 'master') + + subject.valid? + + expect(subject.errors.added?(:source_branch)).to eq(!valid) + end + + it "validates target_branch" do + subject = build(:merge_request, source_branch: 'master', target_branch: branch_name) + + subject.valid? + + expect(subject.errors.added?(:target_branch)).to eq(!valid) + end + end + end + context 'for forks' do let(:project) { create(:project) } let(:fork1) { fork_project(project) } |