diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-26 15:08:56 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-02-26 15:08:56 +0000 |
commit | 17ab40ca089e1aef61a83f77ab6df62a72f6ce06 (patch) | |
tree | 8eb149293eee90ec2750b6ac5e46a111a806424e /spec/services/metrics | |
parent | 66d4203791a01fdedf668a78818a229ea2c07aad (diff) | |
download | gitlab-ce-17ab40ca089e1aef61a83f77ab6df62a72f6ce06.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/services/metrics')
-rw-r--r-- | spec/services/metrics/dashboard/update_dashboard_service_spec.rb | 113 |
1 files changed, 113 insertions, 0 deletions
diff --git a/spec/services/metrics/dashboard/update_dashboard_service_spec.rb b/spec/services/metrics/dashboard/update_dashboard_service_spec.rb new file mode 100644 index 00000000000..2bb08579fb9 --- /dev/null +++ b/spec/services/metrics/dashboard/update_dashboard_service_spec.rb @@ -0,0 +1,113 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe Metrics::Dashboard::UpdateDashboardService, :use_clean_rails_memory_store_caching do + include MetricsDashboardHelpers + + set(:user) { create(:user) } + set(:project) { create(:project, :repository) } + set(:environment) { create(:environment, project: project) } + + describe '#execute' do + subject(:service_call) { described_class.new(project, user, params).execute } + + let(:commit_message) { 'test' } + let(:branch) { 'dashboard_new_branch' } + let(:dashboard) { 'config/prometheus/common_metrics.yml' } + let(:file_name) { 'custom_dashboard.yml' } + let(:file_content_hash) { YAML.safe_load(File.read(dashboard)) } + let(:params) do + { + file_name: file_name, + file_content: file_content_hash, + commit_message: commit_message, + branch: branch + } + end + + context 'user does not have push right to repository' do + it_behaves_like 'misconfigured dashboard service response', :forbidden, "You can't commit to this project" + end + + context 'with rights to push to the repository' do + before do + project.add_maintainer(user) + end + + context 'path traversal attack attempt' do + context 'with a yml extension' do + let(:file_name) { 'config/prometheus/../database.yml' } + + it_behaves_like 'misconfigured dashboard service response', :bad_request, "A file with this name doesn't exist" + end + + context 'without a yml extension' do + let(:file_name) { '../../..../etc/passwd' } + + it_behaves_like 'misconfigured dashboard service response', :bad_request, "The file name should have a .yml extension" + end + end + + context 'valid parameters' do + it_behaves_like 'valid dashboard update process' + end + + context 'selected branch already exists' do + let(:branch) { 'existing_branch' } + + before do + project.repository.add_branch(user, branch, 'master') + end + + it_behaves_like 'misconfigured dashboard service response', :bad_request, "There was an error updating the dashboard, branch named: existing_branch already exists." + end + + context 'Files::UpdateService success' do + before do + allow(::Files::UpdateService).to receive(:new).and_return(double(execute: { status: :success })) + end + + it 'returns success', :aggregate_failures do + dashboard_details = { + path: '.gitlab/dashboards/custom_dashboard.yml', + display_name: 'custom_dashboard.yml', + default: false, + system_dashboard: false + } + + expect(service_call[:status]).to be :success + expect(service_call[:http_status]).to be :created + expect(service_call[:dashboard]).to match dashboard_details + end + + context 'with escaped characters in file name' do + let(:file_name) { "custom_dashboard%26copy.yml" } + + it 'escapes the special characters', :aggregate_failures do + dashboard_details = { + path: '.gitlab/dashboards/custom_dashboard©.yml', + display_name: 'custom_dashboard©.yml', + default: false, + system_dashboard: false + } + + expect(service_call[:status]).to be :success + expect(service_call[:http_status]).to be :created + expect(service_call[:dashboard]).to match dashboard_details + end + end + end + + context 'Files::UpdateService fails' do + before do + allow(::Files::UpdateService).to receive(:new).and_return(double(execute: { status: :error })) + end + + it 'returns error' do + expect(service_call[:status]).to be :error + end + end + end + end +end |