author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-12 18:09:28 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-12 18:09:28 +0000 |
commit | ce8a0b90849ac5d1895e741c023432930f24d724 (patch) | |
tree | dbdc97de542cdbe18a2fc8b1a6b64ac0673ed3d3 /spec/uploaders | |
parent | dc889678d1de8c09310b2f8f9742bb6c78a6f1a4 (diff) | |
download | gitlab-ce-ce8a0b90849ac5d1895e741c023432930f24d724.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/uploaders')
-rw-r--r-- | spec/uploaders/avatar_uploader_spec.rb | 30 | ||||
-rw-r--r-- | spec/uploaders/content_type_whitelist_spec.rb | 34 | ||||
-rw-r--r-- | spec/uploaders/favicon_uploader_spec.rb | 38 |
3 files changed, 83 insertions, 19 deletions
diff --git a/spec/uploaders/avatar_uploader_spec.rb b/spec/uploaders/avatar_uploader_spec.rb
index 669f75b2ee8..142ee557afa 100644
--- a/spec/uploaders/avatar_uploader_spec.rb
+++ b/spec/uploaders/avatar_uploader_spec.rb
@@ -47,15 +47,29 @@ describe AvatarUploader do
 end
 end
 
- context 'upload type check' do
- AvatarUploader::SAFE_IMAGE_EXT.each do |ext|
- context "#{ext} extension" do
- it_behaves_like 'type checked uploads', filenames: "image.#{ext}"
- end
- end
+ context 'accept whitelist file content type' do
+ # We need to feed through a valid path, but we force the parsed mime type
+ # in a stub below so we can set any path.
+ let_it_be(:path) { File.join('spec', 'fixtures', 'video_sample.mp4') }
+
+ where(:mime_type) { described_class::MIME_WHITELIST }
+
+ with_them do
+ include_context 'force content type detection to mime_type'
 
- context 'skip image/svg+xml integrity check' do
- it_behaves_like 'skipped type checked uploads', filenames: 'image.svg'
+ it_behaves_like 'accepted carrierwave upload'
 end
 end
+
+ context 'upload non-whitelisted file content type' do
+ let_it_be(:path) { File.join('spec', 'fixtures', 'sanitized.svg') }
+
+ it_behaves_like 'denied carrierwave upload'
+ end
+
+ context 'upload misnamed non-whitelisted file content type' do
+ let_it_be(:path) { File.join('spec', 'fixtures', 'not_a_png.png') }
+
+ it_behaves_like 'denied carrierwave upload'
+ end
 end
diff --git a/spec/uploaders/content_type_whitelist_spec.rb b/spec/uploaders/content_type_whitelist_spec.rb
new file mode 100644
index 00000000000..be519ead1c8
--- /dev/null
+++ b/spec/uploaders/content_type_whitelist_spec.rb
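Review bot: The 'accept whitelist file content type' context never runs real content detection on an allowed file: `include_context 'force content type detection to mime_type'` stubs the detected type and the path is `video_sample.mp4`, so the positive path only proves that a stubbed type taken from `MIME_WHITELIST` is accepted. The two deny contexts appear to go through real detection, but a regression in which detection mislabels a genuine image would not be caught by this spec. I would add one un-stubbed positive context with a real image fixture, e.g. `let_it_be(:path) { File.join('spec', 'fixtures', 'rails_sample.jpg') }` followed by `it_behaves_like 'accepted carrierwave upload'`, assuming image/jpeg is in the avatar whitelist. The same applies to the matching context in the favicon_uploader_spec.rb hunk; the enclosing `describe AvatarUploader` block starts outside this hunk.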
@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe ContentTypeWhitelist do
+ class DummyUploader < CarrierWave::Uploader::Base
+ include ContentTypeWhitelist::Concern
+
+ def content_type_whitelist
+ %w[image/png image/jpeg]
+ end
+ end
+
+ let_it_be(:model) { build_stubbed(:user) }
+ let_it_be(:uploader) { DummyUploader.new(model, :dummy) }
+
+ context 'upload whitelisted file content type' do
+ let(:path) { File.join('spec', 'fixtures', 'rails_sample.jpg') }
+
+ it_behaves_like 'accepted carrierwave upload'
+ end
+
+ context 'upload non-whitelisted file content type' do
+ let(:path) { File.join('spec', 'fixtures', 'sanitized.svg') }
+
+ it_behaves_like 'denied carrierwave upload'
+ end
+
+ context 'upload misnamed non-whitelisted file content type' do
+ let(:path) { File.join('spec', 'fixtures', 'not_a_png.png') }
+
+ it_behaves_like 'denied carrierwave upload'
+ end
+end
diff --git a/spec/uploaders/favicon_uploader_spec.rb b/spec/uploaders/favicon_uploader_spec.rb
index 4d6c849883a..0f5941b3f0a 100644
--- a/spec/uploaders/favicon_uploader_spec.rb
+++ b/spec/uploaders/favicon_uploader_spec.rb
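Review bot: `class DummyUploader < CarrierWave::Uploader::Base` inside the `describe` block defines a top-level constant, because a block does not open a new constant scope; the class stays defined for every spec loaded afterwards. If another spec declares its own `DummyUploader`, the two definitions are merged, and the whitelist actually under test then depends on load order, which is a poor property for an allow/deny test. An anonymous class held in a `let_it_be` keeps the fixture local to this file; if the concern or the shared examples rely on the class having a name, `stub_const` would be the alternative.

```ruby
let_it_be(:uploader_class) do
  Class.new(CarrierWave::Uploader::Base) do
    include ContentTypeWhitelist::Concern

    def content_type_whitelist
      %w[image/png image/jpeg]
    end
  end
end

let_it_be(:model) { build_stubbed(:user) }
let_it_be(:uploader) { uploader_class.new(model, :dummy) }

# … unchanged: the three upload contexts …
```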
@@ -6,19 +6,35 @@ describe FaviconUploader do
 let_it_be(:model) { build_stubbed(:user) }
 let_it_be(:uploader) { described_class.new(model, :favicon) }
 
- context 'upload type check' do
- FaviconUploader::EXTENSION_WHITELIST.each do |ext|
- context "#{ext} extension" do
- it_behaves_like 'type checked uploads', filenames: "image.#{ext}"
- end
- end
+ context 'accept whitelist file content type' do
+ include_context 'ignore extension whitelist check'
+
+ # We need to feed through a valid path, but we force the parsed mime type
+ # in a stub below so we can set any path.
+ let_it_be(:path) { File.join('spec', 'fixtures', 'video_sample.mp4') }
+
+ where(:mime_type) { described_class::MIME_WHITELIST }
+
+ with_them do
+ include_context 'force content type detection to mime_type'
+
+ it_behaves_like 'accepted carrierwave upload'
 end
 end
 
- context 'upload non-whitelisted file extensions' do
- it 'will deny upload' do
- path = File.join('spec', 'fixtures', 'banana_sample.gif')
- fixture_file = fixture_file_upload(path)
- expect { uploader.cache!(fixture_file) }.to raise_exception(CarrierWave::IntegrityError)
- end
+ context 'upload non-whitelisted file content type' do
+ include_context 'ignore extension whitelist check'
+
+ let_it_be(:path) { File.join('spec', 'fixtures', 'sanitized.svg') }
+
+ it_behaves_like 'denied carrierwave upload'
+ end
+
+ context 'upload misnamed non-whitelisted file content type' do
+ include_context 'ignore extension whitelist check'
+
+ let_it_be(:path) { File.join('spec', 'fixtures', 'not_a_png.png') }
+
+ it_behaves_like 'denied carrierwave upload'
 end
 end
|
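Review bot: Every context in the new favicon spec pulls in `include_context 'ignore extension whitelist check'`, and the removed 'upload non-whitelisted file extensions' example has no replacement, so nothing in this file still asserts that a disallowed extension is rejected. The shared context's name suggests FaviconUploader still has an extension check; if so, a later change that loosens or drops it would pass this spec unnoticed. I would keep one context without the shared context that uploads a fixture whose content type is whitelisted but whose extension is not, and expects `CarrierWave::IntegrityError` as the removed example did, with a comment such as `# extension check is exercised on its own here; the other contexts bypass it`.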