Merge branch 'sh-validate-path-project-import-10-3' into 'security-10-3'
Validate project path in Gitlab import - 10.3 port See merge request gitlab/gitlabhq!2268 (cherry picked from commit 94c82376d66fc80d46dd2d5eeb5bade408ec6a7e) 2b94a7c2 Validate project path in Gitlab import
parent
8f4b061375
commit
1f96512ba1
|
@ -26,7 +26,7 @@ module Projects
|
|||
end
|
||||
|
||||
def tmp_filename
|
||||
"#{SecureRandom.hex}_#{params[:path]}"
|
||||
SecureRandom.hex
|
||||
end
|
||||
|
||||
def file
|
||||
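Review bot: `tmp_filename` has no comment explaining why the name is now random hex only, so a later edit could put request data back into it. The old line shown in this hunk interpolated `params[:path]` into the name, and the feature spec in this commit shows that name being passed to `Gitlab::ImportExport.import_upload_path`. I would add `# Random hex only: never interpolate params[:path] here, it is request-controlled and ends up in the upload path` above the method. The path validation named in the commit title is not visible in this hunk, and the class body continues outside it.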
|
|
|
@ -0,0 +1,38 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe Import::GitlabProjectsController do
|
||||
set(:namespace) { create(:namespace) }
|
||||
set(:user) { namespace.owner }
|
||||
let(:file) { fixture_file_upload(Rails.root + 'spec/fixtures/doc_sample.txt', 'text/plain') }
|
||||
|
||||
before do
|
||||
sign_in(user)
|
||||
end
|
||||
|
||||
describe 'POST create' do
|
||||
context 'with an invalid path' do
|
||||
it 'redirects with an error' do
|
||||
post :create, namespace_id: namespace.id, path: '/test', file: file
|
||||
|
||||
expect(flash[:alert]).to start_with('Project could not be imported')
|
||||
expect(response).to have_gitlab_http_status(302)
|
||||
end
|
||||
|
||||
it 'redirects with an error when a relative path is used' do
|
||||
post :create, namespace_id: namespace.id, path: '../test', file: file
|
||||
|
||||
expect(flash[:alert]).to start_with('Project could not be imported')
|
||||
expect(response).to have_gitlab_http_status(302)
|
||||
end
|
||||
end
|
||||
|
||||
context 'with a valid path' do
|
||||
it 'redirects to the new project path' do
|
||||
post :create, namespace_id: namespace.id, path: 'test', file: file
|
||||
|
||||
expect(flash[:notice]).to include('is being imported')
|
||||
expect(response).to have_gitlab_http_status(302)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
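Review bot: The two invalid-path examples assert only the flash text and a 302, and the valid-path example also expects a 302, so the status check cannot tell rejection from success. Neither example shows that the rejected request left nothing behind. I would wrap the request in a count assertion, for example `expect { post :create, namespace_id: namespace.id, path: '../test', file: file }.not_to change { Project.count }`, and assert the redirect target in each context. Whether the uploaded file is written before the path is validated cannot be seen from this spec, so an assertion that `Gitlab::ImportExport.import_upload_path` is not called for a bad path would presumably be worth adding as well.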
|
@ -32,7 +32,7 @@ feature 'Import/Export - project import integration test', :js do
|
|||
|
||||
expect(page).to have_content('Import an exported GitLab project')
|
||||
expect(URI.parse(current_url).query).to eq("namespace_id=#{namespace.id}&path=#{project_path}")
|
||||
expect(Gitlab::ImportExport).to receive(:import_upload_path).with(filename: /\A\h{32}_test-project-path\h*\z/).and_call_original
|
||||
expect(Gitlab::ImportExport).to receive(:import_upload_path).with(filename: /\A\h{32}\z/).and_call_original
|
||||
|
||||
attach_file('file', file)
|
||||
click_on 'Import project'
|
||||
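Review bot: The new `import_upload_path` expectation, `with(filename: /\A\h{32}\z/)`, has no comment tying it to the security fix, and `\h{32}` silently depends on the default output length of `SecureRandom.hex`. A reader who sees only this line cannot tell that the absence of the project path in the filename is the property under test. I would add `# The upload filename must be random hex only; the requested project path must never appear in it` directly above the expectation. The enclosing scenario starts and ends outside this hunk.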
|
|
|
@ -0,0 +1,31 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe Projects::GitlabProjectsImportService do
|
||||
set(:namespace) { build(:namespace) }
|
||||
let(:file) { fixture_file_upload(Rails.root + 'spec/fixtures/doc_sample.txt', 'text/plain') }
|
||||
subject { described_class.new(namespace.owner, { namespace_id: namespace.id, path: path, file: file }) }
|
||||
|
||||
describe '#execute' do
|
||||
context 'with an invalid path' do
|
||||
let(:path) { '/invalid-path/' }
|
||||
|
||||
it 'returns an invalid project' do
|
||||
project = subject.execute
|
||||
|
||||
expect(project).not_to be_persisted
|
||||
expect(project).not_to be_valid
|
||||
end
|
||||
end
|
||||
|
||||
context 'with a valid path' do
|
||||
let(:path) { 'test-path' }
|
||||
|
||||
it 'creates a project' do
|
||||
project = subject.execute
|
||||
|
||||
expect(project).to be_persisted
|
||||
expect(project).to be_valid
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
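Review bot: `set(:namespace) { build(:namespace) }` leaves the namespace unpersisted, while the controller spec in this same commit uses `create(:namespace)`. `namespace.id` passed in the subject's params is therefore presumably nil, so the valid-path example may be passing through a fallback namespace rather than the one it names. I would change it to `set(:namespace) { create(:namespace) }`. In the invalid-path example I would also pin the reason for the failure with `expect(project.errors[:path]).to be_present`, since `not_to be_valid` alone would pass for any validation error.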