From 95ced3bb5fa52e166aa03ee592f63180601cbde7 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Tue, 13 Mar 2018 22:38:25 +0000
Subject: Merge branch 'fj-15329-services-callbacks-ssrf' into 'security-10-6'

Server Side Request Forgery in Services and Web Hooks

See merge request gitlab/gitlabhq!2337
---
 spec/rubocop/cop/gitlab/httparty_spec.rb | 74 ++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 spec/rubocop/cop/gitlab/httparty_spec.rb

(limited to 'spec/rubocop')

diff --git a/spec/rubocop/cop/gitlab/httparty_spec.rb b/spec/rubocop/cop/gitlab/httparty_spec.rb
new file mode 100644
index 00000000000..510839a21d7
--- /dev/null
+++ b/spec/rubocop/cop/gitlab/httparty_spec.rb
@@ -0,0 +1,74 @@
+require 'spec_helper'
+require 'rubocop'
+require 'rubocop/rspec/support'
+require_relative '../../../../rubocop/cop/gitlab/httparty'
+
+describe RuboCop::Cop::Gitlab::HTTParty do # rubocop:disable RSpec/FilePath
+  include CopHelper
+
+  subject(:cop) { described_class.new }
+
+  shared_examples('registering include offense') do |options|
+    let(:offending_lines) { options[:offending_lines] }
+
+    it 'registers an offense when the class includes HTTParty' do
+      inspect_source(source)
+
+      aggregate_failures do
+        expect(cop.offenses.size).to eq(offending_lines.size)
+        expect(cop.offenses.map(&:line)).to eq(offending_lines)
+      end
+    end
+  end
+
+  shared_examples('registering call offense') do |options|
+    let(:offending_lines) { options[:offending_lines] }
+
+    it 'registers an offense when the class calls HTTParty' do
+      inspect_source(source)
+
+      aggregate_failures do
+        expect(cop.offenses.size).to eq(offending_lines.size)
+        expect(cop.offenses.map(&:line)).to eq(offending_lines)
+      end
+    end
+  end
+
+  context 'when source is a regular module' do
+    it_behaves_like 'registering include offense', offending_lines: [2] do
+      let(:source) do
+        <<~RUBY
+          module M
+            include HTTParty
+          end
+        RUBY
+      end
+    end
+  end
+
+  context 'when source is a regular class' do
+    it_behaves_like 'registering include offense', offending_lines: [2] do
+      let(:source) do
+        <<~RUBY
+          class Foo
+            include HTTParty
+          end
+        RUBY
+      end
+    end
+  end
+
+  context 'when HTTParty is called' do
+    it_behaves_like 'registering call offense', offending_lines: [3] do
+      let(:source) do
+        <<~RUBY
+          class Foo
+            def bar
+              HTTParty.get('http://example.com')
+            end
+          end
+        RUBY
+      end
+    end
+  end
+end
-- 
cgit v1.2.1