blob: 6d0a8631f78b016c22b09d968746a3755431ab5d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
# frozen_string_literal: true
require "spec_helper"
RSpec.describe Groups::ObservabilityHelper do
let(:group) { build_stubbed(:group) }
let(:observability_url) { Gitlab::Observability.observability_url }
describe '#observability_iframe_src' do
context 'if observability_path is missing from params' do
it 'returns the iframe src for action: dashboards' do
allow(helper).to receive(:params).and_return({ action: 'dashboards' })
expect(helper.observability_iframe_src(group)).to eq("#{observability_url}/-/#{group.id}/")
end
it 'returns the iframe src for action: manage' do
allow(helper).to receive(:params).and_return({ action: 'manage' })
expect(helper.observability_iframe_src(group)).to eq("#{observability_url}/-/#{group.id}/dashboards")
end
it 'returns the iframe src for action: explore' do
allow(helper).to receive(:params).and_return({ action: 'explore' })
expect(helper.observability_iframe_src(group)).to eq("#{observability_url}/-/#{group.id}/explore")
end
end
context 'if observability_path exists in params' do
context 'if observability_path is valid' do
it 'returns the iframe src by injecting the observability path' do
allow(helper).to receive(:params).and_return({ action: '/explore', observability_path: '/foo?bar=foobar' })
expect(helper.observability_iframe_src(group)).to eq("#{observability_url}/-/#{group.id}/foo?bar=foobar")
end
end
context 'if observability_path is not valid' do
it 'returns the iframe src by injecting the sanitised observability path' do
allow(helper).to receive(:params).and_return({
action: '/explore',
observability_path:
"/test?groupId=<script>alert('attack!')</script>"
})
expect(helper.observability_iframe_src(group)).to eq(
"#{observability_url}/-/#{group.id}/test?groupId=alert('attack!')"
)
end
end
end
context 'when observability ui is standalone' do
before do
stub_env('STANDALONE_OBSERVABILITY_UI', 'true')
end
it 'returns the iframe src without group.id for action: dashboards' do
allow(helper).to receive(:params).and_return({ action: 'dashboards' })
expect(helper.observability_iframe_src(group)).to eq("#{observability_url}/")
end
it 'returns the iframe src without group.id for action: manage' do
allow(helper).to receive(:params).and_return({ action: 'manage' })
expect(helper.observability_iframe_src(group)).to eq("#{observability_url}/dashboards")
end
it 'returns the iframe src without group.id for action: explore' do
allow(helper).to receive(:params).and_return({ action: 'explore' })
expect(helper.observability_iframe_src(group)).to eq("#{observability_url}/explore")
end
end
end
describe '#observability_page_title' do
it 'returns the title for action: dashboards' do
allow(helper).to receive(:params).and_return({ action: 'dashboards' })
expect(helper.observability_page_title).to eq("Dashboards")
end
it 'returns the title for action: manage' do
allow(helper).to receive(:params).and_return({ action: 'manage' })
expect(helper.observability_page_title).to eq("Manage Dashboards")
end
it 'returns the title for action: explore' do
allow(helper).to receive(:params).and_return({ action: 'explore' })
expect(helper.observability_page_title).to eq("Explore")
end
it 'returns the default title for unknown action' do
allow(helper).to receive(:params).and_return({ action: 'unknown' })
expect(helper.observability_page_title).to eq("Dashboards")
end
end
end
|