author | Nick Thomas <nick@gitlab.com> | 2018-12-11 16:52:22 +0000 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2018-12-11 18:13:44 +0000 |
commit | 3ee0710d1d47bec895568563aeca2d3b53bfa8ce (patch) | |
tree | ae3da1ed6baa1133114edc1bb887b63479f0ac31 /spec/services/projects/lfs_pointers | |
parent | 18a48e348b83f66a1d108a2d6e38ac12c47dcef3 (diff) | |
download | gitlab-ce-3ee0710d1d47bec895568563aeca2d3b53bfa8ce.tar.gz |
Validate LFS hrefs before downloading them
Diffstat (limited to 'spec/services/projects/lfs_pointers')
-rw-r--r-- | spec/services/projects/lfs_pointers/lfs_download_service_spec.rb | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb b/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb
index 6af5bfc7689..d7d7f1874eb 100644
--- a/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb
+++ b/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb
@@ -54,6 +54,18 @@ describe Projects::LfsPointers::LfsDownloadService do
 end
 end
 
+ context 'when a bad URL is used' do
+ where(download_link: ['/etc/passwd', 'ftp://example.com', 'http://127.0.0.2'])
+
+ with_them do
+ it 'does not download the file' do
+ expect(subject).not_to receive(:download_and_save_file)
+
+ expect { subject.execute(oid, download_link) }.not_to change { LfsObject.count }
+ end
+ end
+ end
+
 context 'when an lfs object with the same oid already exists' do
 before do
 create(:lfs_object, oid: 'oid') |
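Review bot: The `where` table in the new 'when a bad URL is used' context lists three inputs without saying which validation rule each one exercises, and both expectations only prove that no download happened, so a row that is rejected for an unrelated reason would still pass. A comment above the table such as `# schemeless path, non-HTTP scheme, loopback address other than 127.0.0.1` would make the intent explicit. The validator is not part of this spec-only view, so if it is also meant to reject private-network or link-local addresses, each of those rules deserves its own row here so that a regression in one of them is caught. The enclosing `describe` block starts and ends outside the hunk.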