author | Reuben Pereira <rpereira@gitlab.com> | 2019-01-07 17:55:21 +0000 |
---|---|---|
committer | Sean McGivern <sean@gitlab.com> | 2019-01-07 17:55:21 +0000 |
commit | f40b5860d76a8ea5d964260834a6e83516b0f1fd (patch) | |
tree | 2a8e92896130697178f5c989e49fa686f66ce073 /spec | |
parent | 549ee8ada3b59278871a89720632584bc5cc11df (diff) | |
download | gitlab-ce-f40b5860d76a8ea5d964260834a6e83516b0f1fd.tar.gz |
Add table and model for error tracking settings
Diffstat (limited to 'spec')
-rw-r--r-- | spec/db/schema_spec.rb | 7 | ||||
-rw-r--r-- | spec/factories/project_error_tracking_settings.rb | 10 | ||||
-rw-r--r-- | spec/lib/gitlab/import_export/all_models.yml | 3 | ||||
-rw-r--r-- | spec/lib/gitlab/import_export/safe_model_attributes.yml | 5 | ||||
-rw-r--r-- | spec/models/error_tracking/project_error_tracking_setting_spec.rb | 36 | ||||
-rw-r--r-- | spec/models/project_spec.rb | 1 | ||||
-rw-r--r-- | spec/validators/url_validator_spec.rb | 51 |
7 files changed, 113 insertions, 0 deletions
diff --git a/spec/db/schema_spec.rb b/spec/db/schema_spec.rb
index 7c505ee0d43..897b4411055 100644
--- a/spec/db/schema_spec.rb
+++ b/spec/db/schema_spec.rb
@@ -64,6 +64,7 @@ describe 'Database schema' do
 let(:indexes) { connection.indexes(table) }
 let(:columns) { connection.columns(table) }
 let(:foreign_keys) { connection.foreign_keys(table) }
+ let(:primary_key_column) { connection.primary_key(table) }
 context 'all foreign keys' do
 # for index to be effective, the FK constraint has to be at first place
@@ -71,6 +72,12 @@ describe 'Database schema' do
 first_indexed_column = indexes.map(&:columns).map(&:first)
 foreign_keys_columns = foreign_keys.map(&:column)
+ # Add the primary key column to the list of indexed columns because
+ # postgres and mysql both automatically create an index on the primary
+ # key. Also, the rails connection.indexes() method does not return
+ # automatically generated indexes (like the primary key index).
+ first_indexed_column = first_indexed_column.push(primary_key_column)
+
 expect(first_indexed_column.uniq).to include(*foreign_keys_columns)
 end
 end
diff --git a/spec/factories/project_error_tracking_settings.rb b/spec/factories/project_error_tracking_settings.rb
new file mode 100644
index 00000000000..f044cbe8755
--- /dev/null
+++ b/spec/factories/project_error_tracking_settings.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+FactoryBot.define do
+ factory :project_error_tracking_setting, class: ErrorTracking::ProjectErrorTrackingSetting do
+ project
+ api_url 'https://gitlab.com'
+ enabled true
+ token 'access_token_123'
+ end
+end
diff --git a/spec/lib/gitlab/import_export/all_models.yml b/spec/lib/gitlab/import_export/all_models.yml
index d3cae137c3c..5afa9669b1a 100644
--- a/spec/lib/gitlab/import_export/all_models.yml
+++ b/spec/lib/gitlab/import_export/all_models.yml
@@ -314,6 +314,7 @@ project:
 - repository_languages
 - pool_repository
 - kubernetes_namespaces
+- error_tracking_setting
 award_emoji:
 - awardable
 - user
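Review bot: `connection.primary_key(table)` is pushed into `first_indexed_column` without a nil check in the second hunk, and as far as I know that call returns nil when a table has no single-column primary key. The `include` expectation still behaves, since nil never matches a foreign-key column, but `first_indexed_column = (first_indexed_column + [primary_key_column]).compact` states the intent and avoids reassigning an array that `push` has already mutated in place. The `it` block around these lines opens outside the hunk.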
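Review bot: The factory default `api_url 'https://gitlab.com'` names a real public host, so a spec that builds this record and reaches the HTTP layer without a stub would call out to it with the factory token. Whether outbound requests are blocked in this suite is not visible on the page. A reserved name keeps the fixture inert, for example `api_url 'https://error-tracking.example.com'`.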
@@ -345,3 +346,5 @@ resource_label_events:
 - merge_request
 - epic
 - label
+error_tracking_setting:
+- project
diff --git a/spec/lib/gitlab/import_export/safe_model_attributes.yml b/spec/lib/gitlab/import_export/safe_model_attributes.yml
index 2422868474e..fe2087e8fc3 100644
--- a/spec/lib/gitlab/import_export/safe_model_attributes.yml
+++ b/spec/lib/gitlab/import_export/safe_model_attributes.yml
@@ -600,3 +600,8 @@ ResourceLabelEvent:
 - label_id
 - user_id
 - created_at
+ErrorTracking::ProjectErrorTrackingSetting:
+- id
+- api_url
+- enabled
+- project_id
diff --git a/spec/models/error_tracking/project_error_tracking_setting_spec.rb b/spec/models/error_tracking/project_error_tracking_setting_spec.rb
new file mode 100644
index 00000000000..83f29718eda
--- /dev/null
+++ b/spec/models/error_tracking/project_error_tracking_setting_spec.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe ErrorTracking::ProjectErrorTrackingSetting do
+ set(:project) { create(:project) }
+
+ describe 'Associations' do
+ it { is_expected.to belong_to(:project) }
+ end
+
+ describe 'Validations' do
+ subject { create(:project_error_tracking_setting, project: project) }
+
+ context 'when api_url is over 255 chars' do
+ before do
+ subject.api_url = 'https://' + 'a' * 250
+ end
+
+ it 'fails validation' do
+ expect(subject).not_to be_valid
+ expect(subject.errors.messages[:api_url]).to include('is too long (maximum is 255 characters)')
+ end
+ end
+
+ context 'With unsafe url' do
+ let(:project_error_tracking_setting) { create(:project_error_tracking_setting, project: project) }
+
+ it 'fails validation' do
+ project_error_tracking_setting.api_url = "https://replaceme.com/'><script>alert(document.cookie)</script>"
+
+ expect(project_error_tracking_setting).not_to be_valid
+ end
+ end
+ end
+end
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index 65b59c7b21b..5e7345ca180 100644
--- a/spec/models/project_spec.rb
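Review bot: The allow-list entry for `ErrorTracking::ProjectErrorTrackingSetting` leaves out the `token` that the factory in this commit sets, which is the right outcome for a list of exportable attributes, but nothing records that the omission is deliberate. The matching exclusion in the import/export configuration cannot be checked here because the diffstat is limited to 'spec', so confirm it exists. A comment above the entry would guard against a later "fix" that adds the column, for example `# token is a credential and must never be exported; keep it out of this list`.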
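Review bot: The 'With unsafe url' example in project_error_tracking_setting_spec.rb asserts only `not_to be_valid`, so it passes for any validation failure on the record and does not show that the URL was the reason. Following the pattern of the length example above it, add `expect(project_error_tracking_setting.errors[:api_url]).not_to be_empty` after the validity check. The context also builds its own `project_error_tracking_setting` with the same arguments as the enclosing `subject`, which could be reused.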
+++ b/spec/models/project_spec.rb
@@ -62,6 +62,7 @@ describe Project do
 it { is_expected.to have_one(:last_event).class_name('Event') }
 it { is_expected.to have_one(:forked_from_project).through(:fork_network_member) }
 it { is_expected.to have_one(:auto_devops).class_name('ProjectAutoDevops') }
+ it { is_expected.to have_one(:error_tracking_setting).class_name('ErrorTracking::ProjectErrorTrackingSetting') }
 it { is_expected.to have_many(:commit_statuses) }
 it { is_expected.to have_many(:ci_pipelines) }
 it { is_expected.to have_many(:builds) }
diff --git a/spec/validators/url_validator_spec.rb b/spec/validators/url_validator_spec.rb
index f3f3386382f..1bb42382e8a 100644
--- a/spec/validators/url_validator_spec.rb
+++ b/spec/validators/url_validator_spec.rb
@@ -172,4 +172,55 @@ describe UrlValidator do
 end
 end
 end
+
+ context 'when enforce_sanitization is' do
+ let(:validator) { described_class.new(attributes: [:link_url], enforce_sanitization: enforce_sanitization) }
+ let(:unsafe_url) { "https://replaceme.com/'><script>alert(document.cookie)</script>" }
+ let(:safe_url) { 'https://replaceme.com/path/to/somewhere' }
+
+ let(:unsafe_internal_url) do
+ Gitlab.config.gitlab.protocol + '://' + Gitlab.config.gitlab.host +
+ "/'><script>alert(document.cookie)</script>"
+ end
+
+ context 'true' do
+ let(:enforce_sanitization) { true }
+
+ it 'prevents unsafe urls' do
+ badge.link_url = unsafe_url
+
+ subject
+
+ expect(badge.errors.empty?).to be false
+ end
+
+ it 'prevents unsafe internal urls' do
+ badge.link_url = unsafe_internal_url
+
+ subject
+
+ expect(badge.errors.empty?).to be false
+ end
+
+ it 'allows safe urls' do
+ badge.link_url = safe_url
+
+ subject
+
+ expect(badge.errors.empty?).to be true
+ end
+ end
+
+ context 'false' do
+ let(:enforce_sanitization) { false }
+
+ it 'allows unsafe urls' do
+ badge.link_url = unsafe_url
+
+ subject
+
+ expect(badge.errors.empty?).to be true
+ end
+ end
+ end
 end |
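Review bot: The new url_validator_spec.rb examples cover `enforce_sanitization` only when it is passed explicitly as true or false, so nothing pins what a validator built without the option does. An example that constructs `described_class.new(attributes: [:link_url])` and asserts the outcome for `unsafe_url` would make the default visible and stop it from changing silently. The rejecting examples also check `expect(badge.errors.empty?).to be false`, which an unrelated error would satisfy; `expect(badge.errors[:link_url]).not_to be_empty` ties the failure to the attribute under test. `badge` and `subject` are defined outside the hunk, so how the validator is invoked is not visible here.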