diff options
author | James Edwards-Jones <jedwardsjones@gitlab.com> | 2017-08-08 21:18:02 +0000 |
---|---|---|
committer | James Edwards-Jones <jedwardsjones@gitlab.com> | 2017-08-08 22:19:45 +0100 |
commit | 6689cfd084dfae0f006e6d007f938332153d6556 (patch) | |
tree | 1f2a50a2b35ea16d3a26bd5c130b42f9cb3decda /spec | |
parent | 7528b7ead5dbbc7384dec7ab30ccb76f95d4d622 (diff) | |
download | gitlab-ce-6689cfd084dfae0f006e6d007f938332153d6556.tar.gz |
Merge branch 'import-symlinks-9-3' into 'security-9-3'
Fix file disclosure via hidden symlinks using the project import (9.3)
See merge request !2164
Diffstat (limited to 'spec')
-rw-r--r-- | spec/lib/gitlab/import_export/file_importer_spec.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/spec/lib/gitlab/import_export/file_importer_spec.rb b/spec/lib/gitlab/import_export/file_importer_spec.rb index b88b9c18c15..2be73ae415f 100644 --- a/spec/lib/gitlab/import_export/file_importer_spec.rb +++ b/spec/lib/gitlab/import_export/file_importer_spec.rb @@ -5,6 +5,7 @@ describe Gitlab::ImportExport::FileImporter, lib: true do let(:export_path) { "#{Dir.tmpdir}/file_importer_spec" } let(:valid_file) { "#{shared.export_path}/valid.json" } let(:symlink_file) { "#{shared.export_path}/invalid.json" } + let(:hidden_symlink_file) { "#{shared.export_path}/.hidden" } let(:subfolder_symlink_file) { "#{shared.export_path}/subfolder/invalid.json" } before do @@ -25,6 +26,10 @@ describe Gitlab::ImportExport::FileImporter, lib: true do expect(File.exist?(symlink_file)).to be false end + it 'removes hidden symlinks in root folder' do + expect(File.exist?(hidden_symlink_file)).to be false + end + it 'removes symlinks in subfolders' do expect(File.exist?(subfolder_symlink_file)).to be false end |