1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe ::Import::GitlabProjects::FileAcquisitionStrategies::RemoteFile, :aggregate_failures do
let(:remote_url) { 'https://external.file.path/file.tar.gz' }
let(:params) { { remote_import_url: remote_url } }
subject { described_class.new(params: params) }
before do
stub_headers_for(remote_url, {
'content-length' => 10.gigabytes,
'content-type' => 'application/gzip'
})
end
describe 'validation' do
it { expect(subject).to be_valid }
context 'file_url validation' do
let(:remote_url) { 'ftp://invalid.url/file.tar.gz' }
it 'validates the file_url scheme' do
expect(subject).not_to be_valid
expect(subject.errors.full_messages)
.to include("File url is blocked: Only allowed schemes are https")
end
context 'when localhost urls are not allowed' do
let(:remote_url) { 'https://localhost:3000/file.tar.gz' }
it 'validates the file_url' do
stub_application_setting(allow_local_requests_from_web_hooks_and_services: false)
expect(subject).not_to be_valid
expect(subject.errors.full_messages)
.to include("File url is blocked: Requests to localhost are not allowed")
end
end
end
context 'when import_project_from_remote_file_s3 is enabled' do
before do
stub_feature_flags(import_project_from_remote_file_s3: true)
end
context 'when the HTTP request fail to recover the headers' do
it 'adds the error message' do
expect(Gitlab::HTTP)
.to receive(:head)
.and_raise(StandardError, 'request invalid')
expect(subject).not_to be_valid
expect(subject.errors.full_messages)
.to include('Failed to retrive headers: request invalid')
end
end
it 'validates the remote content-length' do
stub_headers_for(remote_url, { 'content-length' => 11.gigabytes })
expect(subject).not_to be_valid
expect(subject.errors.full_messages)
.to include('Content length is too big (should be at most 10 GB)')
end
it 'validates the remote content-type' do
stub_headers_for(remote_url, { 'content-type' => 'unknown' })
expect(subject).not_to be_valid
expect(subject.errors.full_messages)
.to include("Content type 'unknown' not allowed. (Allowed: application/gzip, application/x-tar, application/x-gzip)")
end
context 'when trying to import from AWS S3' do
it 'adds an error suggesting to use `projects/remote-import-s3`' do
stub_headers_for(
remote_url,
'Server' => 'AmazonS3',
'x-amz-request-id' => 'some-id'
)
expect(subject).not_to be_valid
expect(subject.errors.full_messages)
.to include('To import from AWS S3 use `projects/remote-import-s3`')
end
end
end
context 'when import_project_from_remote_file_s3 is disabled' do
before do
stub_feature_flags(import_project_from_remote_file_s3: false)
end
context 'when trying to import from AWS S3' do
it 'does not validate the remote content-length or content-type' do
stub_headers_for(
remote_url,
'Server' => 'AmazonS3',
'x-amz-request-id' => 'some-id',
'content-length' => 11.gigabytes,
'content-type' => 'unknown'
)
expect(subject).to be_valid
end
end
context 'when NOT trying to import from AWS S3' do
it 'validates content-length and content-type' do
stub_headers_for(
remote_url,
'Server' => 'NOT AWS S3',
'content-length' => 11.gigabytes,
'content-type' => 'unknown'
)
expect(subject).not_to be_valid
expect(subject.errors.full_messages)
.to include("Content type 'unknown' not allowed. (Allowed: application/gzip, application/x-tar, application/x-gzip)")
expect(subject.errors.full_messages)
.to include('Content length is too big (should be at most 10 GB)')
end
end
end
end
describe '#project_params' do
it 'returns import_export_upload in the params' do
subject = described_class.new(params: { remote_import_url: remote_url })
expect(subject.project_params).to match(
import_export_upload: an_instance_of(::ImportExportUpload)
)
expect(subject.project_params[:import_export_upload]).to have_attributes(
remote_import_url: remote_url
)
end
end
def stub_headers_for(url, headers = {})
allow(Gitlab::HTTP)
.to receive(:head)
.with(remote_url, timeout: 1.second)
.and_return(double(headers: headers)) # rubocop: disable RSpec/VerifiedDoubles
end
end
|