From 536f2bdfd17ac3bab38851de2973dd1c89dccc3f Mon Sep 17 00:00:00 2001
From: Bob Van Landuyt
Date: Wed, 5 Apr 2017 13:44:23 +0200
Subject: [PATCH] Add forbidden paths to the namespace validator
---
 app/validators/namespace_validator.rb | 14 +++++++++-
 spec/validators/namespace_validator_spec.rb | 29 +++++++++++++++++++++
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 spec/validators/namespace_validator_spec.rb
diff --git a/app/validators/namespace_validator.rb b/app/validators/namespace_validator.rb
index 9601013f2d2..2aef4204e31 100644
--- a/app/validators/namespace_validator.rb
+++ b/app/validators/namespace_validator.rb
@@ -53,7 +53,19 @@ class NamespaceValidator < ActiveModel::EachValidator
 WILDCARD_ROUTES = %w[tree commits wikis new edit create update logs_tree preview blob blame raw files create_dir find_file
- artifacts graphs refs badges].freeze
+ artifacts graphs refs badges info git-upload-pack
+ git-receive-pack gitlab-lfs autocomplete_sources
+ templates avatar commit pages compare network snippets
+ services mattermost deploy_keys forks import merge_requests
+ branches merged_branches tags protected_branches variables
+ triggers pipelines environments cycle_analytics builds
+ hooks container_registry milestones labels issues
+ project_members group_links notes noteable boards todos
+ uploads runners runner_projects settings repository
+ transfer remove_fork archive unarchive housekeeping
+ toggle_star preview_markdown export remove_export
+ generate_new_export download_export activity
+ new_issue_address registry].freeze
 STRICT_RESERVED = (RESERVED + WILDCARD_ROUTES).freeze
diff --git a/spec/validators/namespace_validator_spec.rb b/spec/validators/namespace_validator_spec.rb
new file mode 100644
index 00000000000..e21b8ef5abd
--- /dev/null
+++ b/spec/validators/namespace_validator_spec.rb
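Review bot: Nothing in this patch shows what happens to namespaces or projects that already use one of the newly reserved words in `WILDCARD_ROUTES` (app/validators/namespace_validator.rb), and several of them are common names such as `settings`, `issues`, `labels`, `tags` and `archive`. Extending the list presumably only affects records validated from now on, so existing paths would keep shadowing the routes this list is meant to protect and may fail validation on their next save; a data migration or an explicit note that one follows elsewhere would close that gap. The literal is also unsorted and carries no pointer to its source of truth, so a comment above it such as `# Must cover every segment that follows /*namespace_id/:project_id in the routes; spec/validators/namespace_validator_spec.rb fails when one is missing.` would help the next editor. The class body and the code that consumes `STRICT_RESERVED` lie outside this hunk, so how the list is matched (case, exact segment) cannot be checked from here.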
@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+describe NamespaceValidator do
+ describe 'RESERVED' do
+ it 'includes all the top level namespaces' do
+ all_top_level_routes = Rails.application.routes.routes.routes.
+ map { |r| r.path.spec.to_s }.
+ select { |p| p !~ %r{^/[:*]} }.
+ map { |p| p.split('/')[1] }.
+ compact.
+ map { |p| p.split('(', 2)[0] }.
+ uniq
+
+ expect(described_class::RESERVED).to include(*all_top_level_routes)
+ end
+ end
+
+ describe 'WILDCARD_ROUTES' do
+ it 'includes all paths that can be used after a namespace/project path' do
+ all_wildcard_paths = Rails.application.routes.routes.routes.
+ map { |r| r.path.spec.to_s }.
+ select { |p| p =~ %r{^/\*namespace_id/:(project_)?id/[^:*]} }.
+ map { |p| p.split('/')[3].split('(', 2)[0] }.
+ uniq
+
+ expect(described_class::WILDCARD_ROUTES).to include(*all_wildcard_paths)
+ end
+ end
+end
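Review bot: Both examples can stop checking anything without turning red, because the route list is filtered by a hard-coded pattern before the `include` expectation runs. If the project routes are ever declared under a prefix that `%r{^/\*namespace_id/:(project_)?id/[^:*]}` no longer matches, `all_wildcard_paths` becomes empty and the expectation has nothing left to compare; the same holds for `all_top_level_routes`. Since this spec is the only guard shown here that keeps the reserved list in step with the routes, add `expect(all_wildcard_paths).not_to be_empty` (and the equivalent for `all_top_level_routes`) before each `include` expectation. The spec also only pins the constants; no example here passes a reserved path through the validator itself, which may be covered elsewhere but is worth confirming.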