author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-20 18:42:06 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-20 18:42:06 +0000 |
commit | 6e4e1050d9dba2b7b2523fdd1768823ab85feef4 (patch) | |
tree | 78be5963ec075d80116a932011d695dd33910b4e /spec/requests/api/files_spec.rb | |
parent | 1ce776de4ae122aba3f349c02c17cebeaa8ecf07 (diff) | |
download | gitlab-ce-6e4e1050d9dba2b7b2523fdd1768823ab85feef4.tar.gz |
Add latest changes from gitlab-org/gitlab@13-3-stable-ee
Diffstat (limited to 'spec/requests/api/files_spec.rb')
-rw-r--r-- | spec/requests/api/files_spec.rb | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/spec/requests/api/files_spec.rb b/spec/requests/api/files_spec.rb index b50f63ed67c..d7571ad4bff 100644 --- a/spec/requests/api/files_spec.rb +++ b/spec/requests/api/files_spec.rb @@ -10,12 +10,14 @@ RSpec.describe API::Files do let(:guest) { create(:user) { |u| project.add_guest(u) } } let(:file_path) { "files%2Fruby%2Fpopen%2Erb" } let(:rouge_file_path) { "%2e%2e%2f" } + let(:absolute_path) { "%2Fetc%2Fpasswd.rb" } let(:invalid_file_message) { 'file_path should be a valid file path' } let(:params) do { ref: 'master' } end + let(:author_email) { 'user@example.org' } let(:author_name) { 'John Doe' } @@ -57,6 +59,18 @@ RSpec.describe API::Files do end end + shared_examples 'when path is absolute' do + it 'returns 400 when file path is absolute' do + subject + + expect(response).to have_gitlab_http_status(:bad_request) + + if response.body.present? + expect(json_response['error']).to eq(invalid_file_message) + end + end + end + describe "HEAD /projects/:id/repository/files/:file_path" do shared_examples_for 'repository files' do it 'returns 400 when file path is invalid' do @@ -65,6 +79,10 @@ RSpec.describe API::Files do expect(response).to have_gitlab_http_status(:bad_request) end + it_behaves_like 'when path is absolute' do + subject { head api(route(absolute_path), current_user), params: params } + end + it 'returns file attributes in headers' do head api(route(file_path), current_user), params: params @@ -165,6 +183,10 @@ RSpec.describe API::Files do expect(json_response['error']).to eq(invalid_file_message) end + it_behaves_like 'when path is absolute' do + subject { get api(route(absolute_path), api_user), params: params } + end + it 'returns file attributes as json' do get api(route(file_path), api_user), params: params 
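Review bot: The new `absolute_path` fixture in the first hunk has no comment explaining its shape, in particular why `/etc/passwd` carries a `.rb` suffix. A one-line comment such as `# percent-encoded "/etc/passwd.rb"; the leading "/" makes it absolute and the API must reject it` would make the intent readable next to `rouge_file_path`. The suite also pins only the uppercase `%2F` spelling, while `rouge_file_path` uses lowercase escapes. The validator is not part of this diff, so it is not visible here whether both spellings are normalised the same way; a second fixture would settle that.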
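Review bot: In the `'when path is absolute'` shared example (second hunk), the error-message assertion sits inside `if response.body.present?`, so any verb whose response has an empty body passes on the status code alone. The guard is presumably there for the HEAD caller, which has no body, but a bare 400 does not show that the path check is what rejected the request; this spec also expects 400 for other causes (`returns a 400 bad request if no params given`). Consider making the body check explicit per caller, for example a `let(:expect_error_body) { true }` that only the HEAD block overrides, and asserting `expect(json_response['error']).to eq(invalid_file_message)` unconditionally everywhere else. The enclosing `RSpec.describe API::Files` block starts and ends outside the hunk.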
@@ -350,6 +372,10 @@ RSpec.describe API::Files do expect(json_response['error']).to eq(invalid_file_message) end + it_behaves_like 'when path is absolute' do + subject { get api(route(absolute_path) + '/blame', current_user), params: params } + end + it 'returns blame file attributes as json' do get api(route(file_path) + '/blame', current_user), params: params @@ -473,6 +499,10 @@ RSpec.describe API::Files do expect(json_response['error']).to eq(invalid_file_message) end + it_behaves_like 'when path is absolute' do + subject { get api(route(absolute_path) + '/raw', current_user), params: params } + end + it 'returns raw file info' do url = route(file_path) + "/raw" expect(Gitlab::Workhorse).to receive(:send_git_blob) @@ -597,6 +627,10 @@ RSpec.describe API::Files do expect(json_response['error']).to eq(invalid_file_message) end + it_behaves_like 'when path is absolute' do + subject { post api(route(absolute_path), user), params: params } + end + it "creates a new file in project repo" do post api(route(file_path), user), params: params @@ -735,6 +769,17 @@ RSpec.describe API::Files do expect(json_response['error']).to eq(invalid_file_message) end + it_behaves_like 'when path is absolute' do + let(:last_commit) do + Gitlab::Git::Commit + .last_for_path(project.repository, 'master', URI.unescape(file_path)) + end + + let(:params_with_correct_id) { params.merge(last_commit_id: last_commit.id) } + + subject { put api(route(absolute_path), user), params: params_with_correct_id } + end + it "returns a 400 bad request if no params given" do put api(route(file_path), user) @@ -770,6 +815,10 @@ RSpec.describe API::Files do expect(json_response['error']).to eq(invalid_file_message) end + it_behaves_like 'when path is absolute' do + subject { delete api(route(absolute_path), user), params: params } + end + it "deletes existing file in project repo" do delete api(route(file_path), user), params: params 
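Review bot: In the PUT hunk (`@@ -735,6 +769,17 @@`), the new `last_commit` helper calls `URI.unescape`, which has long been marked obsolete and was removed in Ruby 3.0. For this fixture `CGI.unescape(file_path)` returns the same string and keeps working on newer Rubies. The block also looks up `last_commit` for `file_path`, not for the path under test, and nothing says why. A short comment would help, along the lines of `# valid last_commit_id, so the request can only fail on the path check`, if that is indeed the intent. The surrounding `describe` for PUT starts and ends outside the hunk.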
@@ -821,6 +870,7 @@ RSpec.describe API::Files do encoding: 'base64' } end + let(:get_params) do { ref: 'master' |