blob: ab6100509a6c6209ca462a3fb5b20d18b99986a6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
require 'spec_helper'
describe UrlValidator do
let!(:badge) { build(:badge, link_url: 'http://www.example.com') }
subject { validator.validate_each(badge, :link_url, badge.link_url) }
include_examples 'url validator examples', described_class::DEFAULT_PROTOCOLS
context 'by default' do
let(:validator) { described_class.new(attributes: [:link_url]) }
it 'does not block urls pointing to localhost' do
badge.link_url = 'https://127.0.0.1'
subject
expect(badge.errors.empty?).to be true
end
it 'does not block urls pointing to the local network' do
badge.link_url = 'https://192.168.1.1'
subject
expect(badge.errors.empty?).to be true
end
it 'strips urls' do
badge.link_url = "\n\r\n\nhttps://127.0.0.1\r\n\r\n\n\n\n"
# It's unusual for a validator to modify its arguments. Some extensions,
# such as attr_encrypted, freeze the string to signal that modifications
# will not be persisted, so freeze this string to ensure the scheme is
# compatible with them.
badge.link_url.freeze
subject
expect(badge.errors).to be_empty
expect(badge.link_url).to eq('https://127.0.0.1')
end
end
context 'when allow_localhost is set to false' do
let(:validator) { described_class.new(attributes: [:link_url], allow_localhost: false) }
it 'blocks urls pointing to localhost' do
badge.link_url = 'https://127.0.0.1'
subject
expect(badge.errors.empty?).to be false
end
end
context 'when allow_local_network is set to false' do
let(:validator) { described_class.new(attributes: [:link_url], allow_local_network: false) }
it 'blocks urls pointing to the local network' do
badge.link_url = 'https://192.168.1.1'
subject
expect(badge.errors.empty?).to be false
end
end
context 'when ports is' do
let(:validator) { described_class.new(attributes: [:link_url], ports: ports) }
context 'empty' do
let(:ports) { [] }
it 'does not block any port' do
subject
expect(badge.errors.empty?).to be true
end
end
context 'set' do
let(:ports) { [443] }
it 'blocks urls with a different port' do
subject
expect(badge.errors.empty?).to be false
end
end
end
context 'when enforce_user is' do
let(:url) { 'http://$user@example.com'}
let(:validator) { described_class.new(attributes: [:link_url], enforce_user: enforce_user) }
context 'true' do
let(:enforce_user) { true }
it 'checks user format' do
badge.link_url = url
subject
expect(badge.errors.empty?).to be false
end
end
context 'false (default)' do
let(:enforce_user) { false }
it 'does not check user format' do
badge.link_url = url
subject
expect(badge.errors.empty?).to be true
end
end
end
end
|