2019-09-30 08:06:01 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2019-08-29 03:56:52 -04:00
|
|
|
require 'spec_helper'
|
2016-04-17 17:48:51 -04:00
|
|
|
|
2020-06-24 05:08:32 -04:00
|
|
|
RSpec.describe CommitsHelper do
|
2016-04-17 17:48:51 -04:00
|
|
|
describe 'commit_author_link' do
|
|
|
|
it 'escapes the author email' do
|
|
|
|
commit = double(
|
|
|
|
author: nil,
|
|
|
|
author_name: 'Persistent XSS',
|
|
|
|
author_email: 'my@email.com" onmouseover="alert(1)'
|
|
|
|
)
|
|
|
|
|
2017-06-21 09:48:12 -04:00
|
|
|
expect(helper.commit_author_link(commit))
|
|
|
|
.not_to include('onmouseover="alert(1)"')
|
2016-04-17 17:48:51 -04:00
|
|
|
end
|
2017-09-04 06:28:30 -04:00
|
|
|
|
|
|
|
it 'escapes the author name' do
|
|
|
|
user = build_stubbed(:user, name: 'Foo <script>alert("XSS")</script>')
|
|
|
|
|
|
|
|
commit = double(author: user, author_name: '', author_email: '')
|
|
|
|
|
|
|
|
expect(helper.commit_author_link(commit))
|
|
|
|
.to include('Foo <script>')
|
|
|
|
expect(helper.commit_author_link(commit, avatar: true))
|
2019-01-04 10:59:03 -05:00
|
|
|
.to include('commit-author-name', 'js-user-link', 'Foo <script>')
|
2017-09-04 06:28:30 -04:00
|
|
|
end
|
2016-04-17 17:48:51 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
describe 'commit_committer_link' do
|
|
|
|
it 'escapes the committer email' do
|
|
|
|
commit = double(
|
|
|
|
committer: nil,
|
|
|
|
committer_name: 'Persistent XSS',
|
|
|
|
committer_email: 'my@email.com" onmouseover="alert(1)'
|
|
|
|
)
|
|
|
|
|
2017-06-21 09:48:12 -04:00
|
|
|
expect(helper.commit_committer_link(commit))
|
|
|
|
.not_to include('onmouseover="alert(1)"')
|
2016-04-17 17:48:51 -04:00
|
|
|
end
|
2017-09-04 06:28:30 -04:00
|
|
|
|
2018-09-25 04:37:32 -04:00
|
|
|
it 'escapes the committer name' do
|
2017-09-04 06:28:30 -04:00
|
|
|
user = build_stubbed(:user, name: 'Foo <script>alert("XSS")</script>')
|
|
|
|
|
|
|
|
commit = double(committer: user, committer_name: '', committer_email: '')
|
|
|
|
|
|
|
|
expect(helper.commit_committer_link(commit))
|
|
|
|
.to include('Foo <script>')
|
|
|
|
expect(helper.commit_committer_link(commit, avatar: true))
|
|
|
|
.to include('commit-committer-name', 'Foo <script>')
|
|
|
|
end
|
2016-04-17 17:48:51 -04:00
|
|
|
end
|
2017-01-29 23:01:31 -05:00
|
|
|
|
2020-07-02 11:09:08 -04:00
|
|
|
describe '#view_file_button' do
|
|
|
|
let(:project) { build(:project) }
|
|
|
|
let(:path) { 'path/to/file' }
|
|
|
|
let(:sha) { '1234567890' }
|
|
|
|
|
|
|
|
subject do
|
|
|
|
helper.view_file_button(sha, path, project)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'links to project files' do
|
|
|
|
expect(subject).to have_link('1234567', href: helper.project_blob_path(project, "#{sha}/#{path}"))
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-02-06 19:06:46 -05:00
|
|
|
describe '#view_on_environment_button' do
|
2017-08-02 15:55:11 -04:00
|
|
|
let(:project) { create(:project) }
|
2017-01-29 23:01:31 -05:00
|
|
|
let(:environment) { create(:environment, external_url: 'http://example.com') }
|
|
|
|
let(:path) { 'source/file.html' }
|
|
|
|
let(:sha) { RepoHelpers.sample_commit.id }
|
|
|
|
|
|
|
|
before do
|
|
|
|
allow(environment).to receive(:external_url_for).with(path, sha).and_return('http://example.com/file.html')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns a link tag linking to the file in the environment' do
|
2017-02-06 19:06:46 -05:00
|
|
|
html = helper.view_on_environment_button(sha, path, environment)
|
2017-01-29 23:01:31 -05:00
|
|
|
node = Nokogiri::HTML.parse(html).at_css('a')
|
|
|
|
|
|
|
|
expect(node[:title]).to eq('View on example.com')
|
|
|
|
expect(node[:href]).to eq('http://example.com/file.html')
|
|
|
|
end
|
|
|
|
end
|
2020-01-31 07:08:33 -05:00
|
|
|
|
|
|
|
describe '#commit_to_html' do
|
|
|
|
let(:project) { create(:project, :repository) }
|
|
|
|
let(:ref) { 'master' }
|
|
|
|
let(:commit) { project.commit(ref) }
|
|
|
|
|
|
|
|
it 'renders HTML representation of a commit' do
|
|
|
|
assign(:project, project)
|
|
|
|
allow(helper).to receive(:current_user).and_return(project.owner)
|
|
|
|
|
|
|
|
expect(helper.commit_to_html(commit, ref, project)).to include('<div class="commit-content')
|
|
|
|
end
|
|
|
|
end
|
2020-04-22 14:09:52 -04:00
|
|
|
|
|
|
|
describe 'commit_path' do
|
|
|
|
it 'returns a persisted merge request commit path' do
|
|
|
|
project = create(:project, :repository)
|
|
|
|
persisted_merge_request = create(:merge_request, source_project: project, target_project: project)
|
|
|
|
commit = project.repository.commit
|
|
|
|
|
|
|
|
expect(helper.commit_path(persisted_merge_request.project, commit, merge_request: persisted_merge_request))
|
|
|
|
.to eq(diffs_project_merge_request_path(project, persisted_merge_request, commit_id: commit.id))
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns a non-persisted merge request commit path which commits still reside in the source project' do
|
|
|
|
source_project = create(:project, :repository)
|
|
|
|
target_project = create(:project, :repository)
|
|
|
|
non_persisted_merge_request = build(:merge_request, source_project: source_project, target_project: target_project)
|
|
|
|
commit = source_project.repository.commit
|
|
|
|
|
|
|
|
expect(helper.commit_path(non_persisted_merge_request.project, commit, merge_request: non_persisted_merge_request))
|
|
|
|
.to eq(project_commit_path(source_project, commit))
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns a project commit path' do
|
|
|
|
project = create(:project, :repository)
|
|
|
|
commit = project.repository.commit
|
|
|
|
|
|
|
|
expect(helper.commit_path(project, commit)).to eq(project_commit_path(project, commit))
|
|
|
|
end
|
|
|
|
end
|
2016-04-17 17:48:51 -04:00
|
|
|
end
|