authorHeinrich Lee Yu <heinrich@gitlab.com>2019-06-12 22:48:38 +0800
committerHeinrich Lee Yu <heinrich@gitlab.com>2019-06-25 09:06:26 +0800
commit717824144f8181bef524592eab882dd7525a60ef (patch)
tree34ab75284acca146e6aa0a5f16429e485e81cb97 /spec/validators
parentdb9783f7826ed5ba58a8941dd80a1cd7dda517b0 (diff)
downloadgitlab-ce-717824144f8181bef524592eab882dd7525a60ef.tar.gz
Fix color validation regex
Also prevents ReDoS vulnerability
Diffstat (limited to 'spec/validators')
-rw-r--r--spec/validators/color_validator_spec.rb43
1 files changed, 43 insertions, 0 deletions
diff --git a/spec/validators/color_validator_spec.rb b/spec/validators/color_validator_spec.rb
new file mode 100644
index 00000000000..e5a38ac9372
--- /dev/null
+++ b/spec/validators/color_validator_spec.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe ColorValidator do
+ using RSpec::Parameterized::TableSyntax
+
+ subject do
+ Class.new do
+ include ActiveModel::Model
+ include ActiveModel::Validations
+ attr_accessor :color
+ validates :color, color: true
+ end.new
+ end
+
+ where(:color, :is_valid) do
+ '#000abc' | true
+ '#aaa' | true
+ '#BBB' | true
+ '#cCc' | true
+ '#ffff' | false
+ '#000111222' | false
+ 'invalid' | false
+ '000' | false
+ end
+
+ with_them do
+ it 'only accepts valid colors' do
+ subject.color = color
+
+ expect(subject.valid?).to eq(is_valid)
+ end
+ end
+
+ it 'fails fast for long invalid string' do
+ subject.color = '#' + ('0' * 50_000) + 'xxx'
+
+ expect do
+ Timeout.timeout(5.seconds) { subject.valid? }
+ end.not_to raise_error
+ end
+end
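Review bot: The `where(:color, :is_valid)` table has no multi-line or trailing-newline input, so the spec would still pass if the validator's pattern were anchored per line with `^`/`$` instead of on the whole string with `\A`/`\z`. The validator is not part of this page, so this is a coverage gap, not a confirmed defect. Adding rows such as `"#abc\n" | false` and `"#abc\nxyz" | false` (constructed samples) would pin whole-string matching. Separately, the `Timeout.timeout(5.seconds)` budget in 'fails fast for long invalid string' is loose for a 50,000-character input, so a pattern that still backtracks heavily could pass; a tighter bound or a comment explaining the choice would make the regression guard clearer.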