diff options
Diffstat (limited to 'spec/requests/user_sends_null_bytes_spec.rb')
-rw-r--r-- | spec/requests/user_sends_null_bytes_spec.rb | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/spec/requests/user_sends_null_bytes_spec.rb b/spec/requests/user_sends_null_bytes_spec.rb new file mode 100644 index 00000000000..1ddfad40996 --- /dev/null +++ b/spec/requests/user_sends_null_bytes_spec.rb @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'User sends null bytes as params' do + let(:null_byte) { "\u0000" } + + it 'raises a 400 error' do + post '/nonexistent', params: { a: "A #{null_byte} nasty string" } + + expect(response).to have_gitlab_http_status(:bad_request) + expect(response.body).to eq('Bad Request') + end +end |