Diffstat (limited to 'spec/lib')
-rw-r--r-- | spec/lib/gitlab/email/receiver_spec.rb | 9 | ||||
-rw-r--r-- | spec/lib/gitlab/git_access_spec.rb | 2 | ||||
-rw-r--r-- | spec/lib/gitlab/hook_data/issue_builder_spec.rb | 1 | ||||
-rw-r--r-- | spec/lib/gitlab/import_export/all_models.yml | 1 | ||||
-rw-r--r-- | spec/lib/gitlab/import_export/safe_model_attributes.yml | 1 | ||||
-rw-r--r-- | spec/lib/gitlab/url_blocker_spec.rb | 64 | ||||
-rw-r--r-- | spec/lib/gitlab/url_blockers/url_whitelist_spec.rb | 72 | ||||
-rw-r--r-- | spec/lib/gitlab_spec.rb | 55 |
8 files changed, 183 insertions, 22 deletions
diff --git a/spec/lib/gitlab/email/receiver_spec.rb b/spec/lib/gitlab/email/receiver_spec.rb
index c9fde06cbae..6b5a355e598 100644
--- a/spec/lib/gitlab/email/receiver_spec.rb
+++ b/spec/lib/gitlab/email/receiver_spec.rb
@@ -14,6 +14,7 @@ describe Gitlab::Email::Receiver do
 allow(handler).to receive(:execute)
 allow(handler).to receive(:metrics_params)
+ allow(handler).to receive(:metrics_event)
 end
 it "finds the mail key" do
@@ -46,4 +47,12 @@ describe Gitlab::Email::Receiver do
 expect { receiver.execute }.to raise_error(Gitlab::Email::AutoGeneratedEmailError)
 end
 end
+
+ it "requires all handlers to have a unique metric_event" do
+ events = Gitlab::Email::Handler.handlers.map do |handler|
+ handler.new(Mail::Message.new, 'gitlabhq/gitlabhq+auth_token').metrics_event
+ end
+
+ expect(events.uniq.count).to eq events.count
+ end
 end
diff --git a/spec/lib/gitlab/git_access_spec.rb b/spec/lib/gitlab/git_access_spec.rb
index b9c21b3a7bd..d584cdbe280 100644
--- a/spec/lib/gitlab/git_access_spec.rb
+++ b/spec/lib/gitlab/git_access_spec.rb
@@ -943,7 +943,7 @@ describe Gitlab::GitAccess do
 changes = ['6f6d7e7ed 570e7b2ab refs/heads/master', '6f6d7e7ed 570e7b2ab refs/heads/feature']
 # There is still an N+1 query with protected branches
- expect { access.check('git-receive-pack', changes) }.not_to exceed_query_limit(control_count).with_threshold(1)
+ expect { access.check('git-receive-pack', changes) }.not_to exceed_query_limit(control_count).with_threshold(2)
 end
 it 'raises TimeoutError when #check_single_change_access raises a timeout error' do
diff --git a/spec/lib/gitlab/hook_data/issue_builder_spec.rb b/spec/lib/gitlab/hook_data/issue_builder_spec.rb
index b06d05c1c7f..6013fb78bc7 100644
--- a/spec/lib/gitlab/hook_data/issue_builder_spec.rb
+++ b/spec/lib/gitlab/hook_data/issue_builder_spec.rb
@@ -23,6 +23,7 @@ describe Gitlab::HookData::IssueBuilder do
 last_edited_by_id
 milestone_id
 moved_to_id
+ duplicated_to_id
 project_id
 relative_position
 state
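Review bot: The uniqueness assertion in the new example of spec/lib/gitlab/email/receiver_spec.rb (hunk at -46,4 +47,12) compares only counts, so a failure will not show which handlers collide; `expect(events.uniq).to eq(events)` keeps the same check and prints the offending values. The example title also says `metric_event` while the method it calls is `metrics_event`. The enclosing `describe` block starts outside the hunk.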
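Review bot: Raising `with_threshold(1)` to `with_threshold(2)` in spec/lib/gitlab/git_access_spec.rb loosens the query-count guard on `access.check('git-receive-pack', changes)`, yet the comment above it still accounts for only one extra query (protected branches). The second query should be named so a later reader can tell a known cost from a regression, e.g. `# N+1 on protected branches, plus one query for <what this commit adds>`. The example starts outside the hunk, so the source of the extra query is not visible here.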
diff --git a/spec/lib/gitlab/import_export/all_models.yml b/spec/lib/gitlab/import_export/all_models.yml
index e496ab4cd35..6d573a4f39a 100644
--- a/spec/lib/gitlab/import_export/all_models.yml
+++ b/spec/lib/gitlab/import_export/all_models.yml
@@ -14,6 +14,7 @@ issues:
 - todos
 - user_agent_detail
 - moved_to
+- duplicated_to
 - events
 - merge_requests_closing_issues
 - metrics
diff --git a/spec/lib/gitlab/import_export/safe_model_attributes.yml b/spec/lib/gitlab/import_export/safe_model_attributes.yml
index e9750d23c53..2f178648838 100644
--- a/spec/lib/gitlab/import_export/safe_model_attributes.yml
+++ b/spec/lib/gitlab/import_export/safe_model_attributes.yml
@@ -19,6 +19,7 @@ Issue:
 - closed_by_id
 - due_date
 - moved_to_id
+- duplicated_to_id
 - lock_version
 - milestone_id
 - weight
diff --git a/spec/lib/gitlab/url_blocker_spec.rb b/spec/lib/gitlab/url_blocker_spec.rb
index 6d1d7e48326..6ce002ad70e 100644
--- a/spec/lib/gitlab/url_blocker_spec.rb
+++ b/spec/lib/gitlab/url_blocker_spec.rb
@@ -30,8 +30,12 @@ describe Gitlab::UrlBlocker do
 context 'when URI is internal' do
 let(:import_url) { 'http://localhost' }
+ before do
+ stub_dns(import_url, ip_address: '127.0.0.1')
+ end
+
 it_behaves_like 'validates URI and hostname' do
- let(:expected_uri) { 'http://[::1]' }
+ let(:expected_uri) { 'http://127.0.0.1' }
 let(:expected_hostname) { 'localhost' }
 end
 end
@@ -347,6 +351,7 @@ describe Gitlab::UrlBlocker do
 end
 before do
+ allow(ApplicationSetting).to receive(:current).and_return(ApplicationSetting.new)
 stub_application_setting(outbound_local_requests_whitelist: whitelist)
 end
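Review bot: With `stub_dns(import_url, ip_address: '127.0.0.1')` the 'when URI is internal' context of spec/lib/gitlab/url_blocker_spec.rb (hunk at -30,8 +30,12) pins localhost to the IPv4 loopback and drops the former `http://[::1]` expectation, so nothing in this hunk asserts the IPv6 loopback result any more. If no other context in the file covers it, a sibling context that stubs the IPv6 loopback and expects `http://[::1]` would keep that path checked. The rest of the file is outside the hunk, so this may already be covered elsewhere.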
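Review bot: The added `allow(ApplicationSetting).to receive(:current).and_return(ApplicationSetting.new)` in the `before` of spec/lib/gitlab/url_blocker_spec.rb (hunk at -347,6 +351,7) carries no explanation, and the same line appears in the new url_whitelist_spec.rb. Swapping the settings lookup for a fresh, unsaved record changes what every example in the context reads, so a one-line comment such as `# Use a fresh ApplicationSetting so the stubbed whitelist is what the blocker reads` would help; I am guessing at the reason, so word it to match the actual one. The enclosing context starts outside the hunk.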
@@ -384,9 +389,15 @@ describe Gitlab::UrlBlocker do
 it_behaves_like 'allows local requests', { allow_localhost: false, allow_local_network: false }
 it 'whitelists IP when dns_rebind_protection is disabled' do
- stub_domain_resolv('example.com', '192.168.1.1') do
- expect(described_class).not_to be_blocked_url("http://example.com",
- url_blocker_attributes.merge(dns_rebind_protection: false))
+ url = "http://example.com"
+ attrs = url_blocker_attributes.merge(dns_rebind_protection: false)
+
+ stub_domain_resolv('example.com', '192.168.1.2') do
+ expect(described_class).not_to be_blocked_url(url, attrs)
+ end
+
+ stub_domain_resolv('example.com', '192.168.1.3') do
+ expect(described_class).to be_blocked_url(url, attrs)
 end
 end
 end
@@ -437,6 +448,51 @@ describe Gitlab::UrlBlocker do
 url_blocker_attributes)
 end
 end
+
+ shared_examples 'dns rebinding checks' do
+ shared_examples 'whitelists the domain' do
+ let(:whitelist) { [domain] }
+ let(:url) { "http://#{domain}" }
+
+ before do
+ stub_env('RSPEC_ALLOW_INVALID_URLS', 'false')
+ end
+
+ it do
+ expect(described_class).not_to be_blocked_url(url, dns_rebind_protection: dns_rebind_value)
+ end
+ end
+
+ context 'when dns_rebinding_setting is' do
+ context 'enabled' do
+ let(:dns_rebind_value) { true }
+
+ it_behaves_like 'whitelists the domain'
+ end
+
+ context 'disabled' do
+ let(:dns_rebind_value) { false }
+
+ it_behaves_like 'whitelists the domain'
+ end
+ end
+ end
+
+ context 'when the domain cannot be resolved' do
+ let(:domain) { 'foobar.x' }
+
+ it_behaves_like 'dns rebinding checks'
+ end
+
+ context 'when the domain can be resolved' do
+ let(:domain) { 'example.com' }
+
+ before do
+ stub_dns(url, ip_address: '93.184.216.34')
+ end
+
+ it_behaves_like 'dns rebinding checks'
+ end
 end
 context 'with ip ranges in whitelist' do
diff --git a/spec/lib/gitlab/url_blockers/url_whitelist_spec.rb b/spec/lib/gitlab/url_blockers/url_whitelist_spec.rb
new file mode 100644
index 00000000000..906e0f0ba3d
--- /dev/null
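Review bot: The rewritten example 'whitelists IP when dns_rebind_protection is disabled' in spec/lib/gitlab/url_blocker_spec.rb (hunk at -384,9 +389,15) now also asserts that 192.168.1.3 is blocked, but its title names only the allow case, and the whitelist that lets .2 pass and .3 fail is defined outside the hunk. Splitting it into two examples, or adding a comment such as `# 192.168.1.2 is in the whitelist above; 192.168.1.3 is not`, would make a failure on the block path readable on its own. I am inferring the whitelist contents from the two expectations; confirm against the `let(:whitelist)` of the enclosing context.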
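Review bot: In the 'when the domain can be resolved' context of spec/lib/gitlab/url_blocker_spec.rb (hunk at -437,6 +448,51) the `before` calls `stub_dns(url, ...)`, but `url` is only defined by `let(:url)` inside the nested shared example 'whitelists the domain', two levels below. It resolves because the hook runs in the innermost example group, yet moving that `let` or reusing the context with other examples fails with a NameError far from the cause; `stub_dns("http://#{domain}", ip_address: '93.184.216.34')` removes the hidden dependency. Separately, the resolvable case uses a public address, so it may pass whether or not the domain whitelist is consulted. A case where the whitelisted domain resolves to an address the blocker would otherwise reject looks worth adding, if the blocker's defaults (not visible here) allow it to be expressed.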
+++ b/spec/lib/gitlab/url_blockers/url_whitelist_spec.rb
@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Gitlab::UrlBlockers::UrlWhitelist do
+ include StubRequests
+
+ let(:whitelist) { [] }
+
+ before do
+ allow(ApplicationSetting).to receive(:current).and_return(ApplicationSetting.new)
+ stub_application_setting(outbound_local_requests_whitelist: whitelist)
+ end
+
+ describe '#domain_whitelisted?' do
+ let(:whitelist) do
+ [
+ 'www.example.com',
+ 'example.com'
+ ]
+ end
+
+ it 'returns true if domains present in whitelist' do
+ aggregate_failures do
+ whitelist.each do |domain|
+ expect(described_class).to be_domain_whitelisted(domain)
+ end
+
+ ['subdomain.example.com', 'example.org'].each do |domain|
+ expect(described_class).not_to be_domain_whitelisted(domain)
+ end
+ end
+ end
+
+ it 'returns false when domain is blank' do
+ expect(described_class).not_to be_domain_whitelisted(nil)
+ end
+ end
+
+ describe '#ip_whitelisted?' do
+ let(:whitelist) do
+ [
+ '0.0.0.0',
+ '127.0.0.1',
+ '192.168.1.1',
+ '0:0:0:0:0:ffff:192.168.1.2',
+ '::ffff:c0a8:102',
+ 'fc00:bf8b:e62c:abcd:abcd:aaaa:aaaa:aaaa',
+ '0:0:0:0:0:ffff:169.254.169.254',
+ '::ffff:a9fe:a9fe',
+ '::ffff:a9fe:a864',
+ 'fe80::c800:eff:fe74:8'
+ ]
+ end
+
+ it 'returns true if ips present in whitelist' do
+ aggregate_failures do
+ whitelist.each do |ip_address|
+ expect(described_class).to be_ip_whitelisted(ip_address)
+ end
+
+ ['172.16.2.2', '127.0.0.2', 'fe80::c800:eff:fe74:9'].each do |ip_address|
+ expect(described_class).not_to be_ip_whitelisted(ip_address)
+ end
+ end
+ end
+
+ it 'returns false when ip is blank' do
+ expect(described_class).not_to be_ip_whitelisted(nil)
+ end
+ end
+end
diff --git a/spec/lib/gitlab_spec.rb b/spec/lib/gitlab_spec.rb
index 589dac61528..ccb5cb3aa43 100644
--- a/spec/lib/gitlab_spec.rb
+++ b/spec/lib/gitlab_spec.rb
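Review bot: Every positive case in the new spec/lib/gitlab/url_blockers/url_whitelist_spec.rb feeds the literal whitelist strings back into `be_ip_whitelisted` and `be_domain_whitelisted`, so the spec does not pin how equivalent spellings of an entry are treated. The list holds IPv4-mapped entries such as `'0:0:0:0:0:ffff:169.254.169.254'` and `'::ffff:a9fe:a9fe'`, but nothing states whether plain `169.254.169.254` matches them, and nothing checks `'EXAMPLE.COM'` against `'example.com'`. Because this list decides which internal addresses outbound requests may reach, I would add one expectation per form with the intended outcome made explicit, e.g. `expect(described_class).not_to be_ip_whitelisted('169.254.169.254')` if mapped entries are meant to match exactly. Minor: the `describe '#domain_whitelisted?'` and `'#ip_whitelisted?'` titles use instance-method notation although both predicates are called on `described_class`.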
@@ -21,23 +21,23 @@ describe Gitlab do
 context 'when a REVISION file exists' do
 before do
 expect(File).to receive(:exist?)
- .with(described_class.root.join('REVISION'))
- .and_return(true)
+ .with(described_class.root.join('REVISION'))
+ .and_return(true)
 end
 it 'returns the actual Git revision' do
 expect(File).to receive(:read)
- .with(described_class.root.join('REVISION'))
- .and_return("abc123\n")
+ .with(described_class.root.join('REVISION'))
+ .and_return("abc123\n")
 expect(described_class.revision).to eq('abc123')
 end
 it 'memoizes the revision' do
 expect(File).to receive(:read)
- .once
- .with(described_class.root.join('REVISION'))
- .and_return("abc123\n")
+ .once
+ .with(described_class.root.join('REVISION'))
+ .and_return("abc123\n")
 2.times { described_class.revision }
 end
@@ -47,8 +47,8 @@ describe Gitlab do
 context 'when the Git command succeeds' do
 before do
 expect(Gitlab::Popen).to receive(:popen_with_detail)
- .with(cmd)
- .and_return(Gitlab::Popen::Result.new(cmd, 'abc123', '', double(success?: true)))
+ .with(cmd)
+ .and_return(Gitlab::Popen::Result.new(cmd, 'abc123', '', double(success?: true)))
 end
 it 'returns the actual Git revision' do
@@ -59,8 +59,8 @@ describe Gitlab do
 context 'when the Git command fails' do
 before do
 expect(Gitlab::Popen).to receive(:popen_with_detail)
- .with(cmd)
- .and_return(Gitlab::Popen::Result.new(cmd, '', 'fatal: Not a git repository', double('Process::Status', success?: false)))
+ .with(cmd)
+ .and_return(Gitlab::Popen::Result.new(cmd, '', 'fatal: Not a git repository', double('Process::Status', success?: false)))
 end
 it 'returns "Unknown"' do
@@ -123,6 +123,27 @@ describe Gitlab do
 end
 end
+ describe '.dev_env_or_com?' do
+ it 'is true when on .com' do
+ allow(described_class).to receive(:com?).and_return(true)
+
+ expect(described_class.dev_env_or_com?).to eq true
+ end
+
+ it 'is true when dev env' do
+ allow(described_class).to receive(:com?).and_return(false)
+ allow(Rails).to receive(:env).and_return(ActiveSupport::StringInquirer.new('development'))
+
+ expect(described_class.dev_env_or_com?).to eq true
+ end
+
+ it 'is false when not dev or com' do
+ allow(described_class).to receive(:com?).and_return(false)
+
+ expect(described_class.dev_env_or_com?).to eq false
+ end
+ end
+
 describe '.ee?' do
 before do
 described_class.instance_variable_set(:@is_ee, nil)
@@ -138,12 +159,12 @@ describe Gitlab do
 allow(described_class)
 .to receive(:root)
- .and_return(root)
+ .and_return(root)
 allow(root)
 .to receive(:join)
- .with('ee/app/models/license.rb')
- .and_return(license_path)
+ .with('ee/app/models/license.rb')
+ .and_return(license_path)
 expect(described_class.ee?).to eq(true)
 end
@@ -154,12 +175,12 @@ describe Gitlab do
 allow(described_class)
 .to receive(:root)
- .and_return(Pathname.new('dummy'))
+ .and_return(Pathname.new('dummy'))
 allow(root)
 .to receive(:join)
- .with('ee/app/models/license.rb')
- .and_return(license_path)
+ .with('ee/app/models/license.rb')
+ .and_return(license_path)
 expect(described_class.ee?).to eq(false)
 end |
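Review bot: The third example of `.dev_env_or_com?` in spec/lib/gitlab_spec.rb ('is false when not dev or com', hunk at -123,6 +123,27) stubs only `com?` and relies on the ambient `Rails.env` of the test run not being development. Stubbing it explicitly, as the second example does, makes the negative case independent of how the suite is launched: `allow(Rails).to receive(:env).and_return(ActiveSupport::StringInquirer.new('production'))`. The two `eq true` / `eq false` expectations would also read more conventionally as `be(true)` / `be(false)`.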