Diffstat (limited to 'spec/lib/gitlab/content_security_policy/config_loader_spec.rb')
-rw-r--r--spec/lib/gitlab/content_security_policy/config_loader_spec.rb61
1 files changed, 61 insertions, 0 deletions
diff --git a/spec/lib/gitlab/content_security_policy/config_loader_spec.rb b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
new file mode 100644
index 00000000000..1d404915617
--- /dev/null
+++ b/spec/lib/gitlab/content_security_policy/config_loader_spec.rb
@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Gitlab::ContentSecurityPolicy::ConfigLoader do
+ let(:policy) { ActionDispatch::ContentSecurityPolicy.new }
+ let(:csp_config) do
+ {
+ enabled: true,
+ report_only: false,
+ directives: {
+ base_uri: 'http://example.com',
+ child_src: "'self' https://child.example.com",
+ default_src: "'self' https://other.example.com",
+ script_src: "'self' https://script.exammple.com ",
+ worker_src: "data: https://worker.example.com",
+ report_uri: "http://example.com"
+ }
+ }
+ end
+
+ context '.default_settings_hash' do
+ it 'returns empty defaults' do
+ settings = described_class.default_settings_hash
+
+ expect(settings['enabled']).to be_falsey
+ expect(settings['report_only']).to be_falsey
+
+ described_class::DIRECTIVES.each do |directive|
+ expect(settings['directives'].has_key?(directive)).to be_truthy
+ expect(settings['directives'][directive]).to be_nil
+ end
+ end
+ end
+
+ context '#load' do
+ subject { described_class.new(csp_config[:directives]) }
+
+ def expected_config(directive)
+ csp_config[:directives][directive].split(' ').map(&:strip)
+ end
+
+ it 'sets the policy properly' do
+ subject.load(policy)
+
+ expect(policy.directives['base-uri']).to eq([csp_config[:directives][:base_uri]])
+ expect(policy.directives['default-src']).to eq(expected_config(:default_src))
+ expect(policy.directives['child-src']).to eq(expected_config(:child_src))
+ expect(policy.directives['worker-src']).to eq(expected_config(:worker_src))
+ expect(policy.directives['report-uri']).to eq(expected_config(:report_uri))
+ end
+
+ it 'ignores malformed policy statements' do
+ csp_config[:directives][:base_uri] = 123
+
+ subject.load(policy)
+
+ expect(policy.directives['base-uri']).to be_nil
+ end
+ end
+end
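Review bot: The `script_src` directive set in the fixture (`"'self' https://script.exammple.com "`, with a trailing space that looks intended to exercise whitespace handling) is never asserted in 'sets the policy properly', so the one directive that most directly governs XSS exposure is loaded by `subject.load(policy)` without any check that it reached the policy. Add `expect(policy.directives['script-src']).to eq(expected_config(:script_src))` alongside the other directive assertions. Separately, `.map(&:strip)` in `expected_config` is redundant since `split(' ')` already drops surrounding whitespace in Ruby, and the `base-uri` assertion builds its expectation by hand instead of via `expected_config(:base_uri)`; both are harmless but worth aligning so a future whitespace-handling change in the loader is caught by the same code path. The 'malformed' case only covers a non-String value, so a comment such as `# Non-String directive values are dropped rather than coerced; other malformed shapes (empty strings, nested arrays) are not yet covered` would make the scope of that test explicit.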