diff options
| author | Timothy Andrew <mail@timothyandrew.net> | 2016-12-09 15:15:55 +0530 |
|---|---|---|
| committer | Timothy Andrew <mail@timothyandrew.net> | 2016-12-16 23:32:25 +0530 |
| commit | a2b39feb1a3ae6fe2615418bb759bf39125e5d0e (patch) | |
| tree | 0d4cfeadd4c01a9593c4487a5f3da32436edaaa8 /spec | |
| parent | f82d549d26af89cba00005e1a1c9b721c076f7a0 (diff) | |
| download | gitlab-ce-a2b39feb1a3ae6fe2615418bb759bf39125e5d0e.tar.gz | |
Validate environment variables in `Gitlab::Git::RevList`
The list of environment variables in `Gitlab::Git::RevList` need to be validate
to make sure that they don't reference any other project on disk.
This commit mixes in `ActiveModel::Validations` into `Gitlab::Git::RevList`, and
validates that the environment variables are on the level (using a custom
validator class). If the validations fail, the force push is still executed
without any environment variables set.
Add specs for the validation using shared examples.
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/lib/gitlab/git/rev_list_spec.rb | 36 | ||||
| -rw-r--r-- | spec/validators/git_environment_variables_validator_spec.rb | 64 |
2 files changed, 100 insertions, 0 deletions
diff --git a/spec/lib/gitlab/git/rev_list_spec.rb b/spec/lib/gitlab/git/rev_list_spec.rb new file mode 100644 index 00000000000..cdfbff5658c --- /dev/null +++ b/spec/lib/gitlab/git/rev_list_spec.rb @@ -0,0 +1,36 @@ +require 'spec_helper' +require 'validators/git_environment_variables_validator_spec' + +describe Gitlab::Git::RevList, lib: true do + let(:project) { create(:project) } + + context "validations" do + it_behaves_like( + "validated git environment variables", + ->(env, project) { Gitlab::Git::RevList.new('oldrev', 'newrev', project: project, env: env) } + ) + end + + context "#execute" do + let(:env) { { "GIT_OBJECT_DIRECTORY" => project.repository.path_to_repo } } + let(:rev_list) { Gitlab::Git::RevList.new('oldrev', 'newrev', project: project, env: env) } + + it "calls out to `popen` without environment variables if the record is invalid" do + allow(rev_list).to receive(:valid?).and_return(false) + allow(Open3).to receive(:popen3) + + rev_list.execute + + expect(Open3).to have_received(:popen3).with(hash_excluding(env), any_args) + end + + it "calls out to `popen` with environment variables if the record is valid" do + allow(rev_list).to receive(:valid?).and_return(true) + allow(Open3).to receive(:popen3) + + rev_list.execute + + expect(Open3).to have_received(:popen3).with(hash_including(env), any_args) + end + end +end diff --git a/spec/validators/git_environment_variables_validator_spec.rb b/spec/validators/git_environment_variables_validator_spec.rb new file mode 100644 index 00000000000..81b028b6572 --- /dev/null +++ b/spec/validators/git_environment_variables_validator_spec.rb @@ -0,0 +1,64 @@ +require 'spec_helper' + +shared_examples_for "validated git environment variables" do |record_fn| + subject { GitEnvironmentVariablesValidator.new(attributes: ['env']) } + let(:project) { create(:project) } + + context "GIT_OBJECT_DIRECTORY" do + it "accepts values starting with the project repo path" do + env = { "GIT_OBJECT_DIRECTORY" => "#{project.repository.path_to_repo}/objects" } + record = record_fn[env, project] + + subject.validate_each(record, 'env', env) + + expect(record).to be_valid, "expected #{project.repository.path_to_repo}" + end + + it "rejects values starting not with the project repo path" do + env = { "GIT_OBJECT_DIRECTORY" => "/some/other/path" } + record = record_fn[env, project] + + subject.validate_each(record, 'env', env) + + expect(record).to be_invalid + end + + it "rejects values containing the project repo path but not starting with it" do + env = { "GIT_OBJECT_DIRECTORY" => "/some/other/path/#{project.repository.path_to_repo}" } + record = record_fn[env, project] + + subject.validate_each(record, 'env', env) + + expect(record).to be_invalid + end + end + + context "GIT_ALTERNATE_OBJECT_DIRECTORIES" do + it "accepts values starting with the project repo path" do + env = { "GIT_ALTERNATE_OBJECT_DIRECTORIES" => project.repository.path_to_repo } + record = record_fn[env, project] + + subject.validate_each(record, 'env', env) + + expect(record).to be_valid, "expected #{project.repository.path_to_repo}" + end + + it "rejects values starting not with the project repo path" do + env = { "GIT_ALTERNATE_OBJECT_DIRECTORIES" => "/some/other/path" } + record = record_fn[env, project] + + subject.validate_each(record, 'env', env) + + expect(record).to be_invalid + end + + it "rejects values containing the project repo path but not starting with it" do + env = { "GIT_ALTERNATE_OBJECT_DIRECTORIES" => "/some/other/path/#{project.repository.path_to_repo}" } + record = record_fn[env, project] + + subject.validate_each(record, 'env', env) + + expect(record).to be_invalid + end + end +end |