gitlab-org--gitlab-foss/spec/migrations/cleanup_environments_external_url_spec.rb
Cindy Pallares 4bc6f2e3ac
Merge branch 'security-stored-xss-for-environments' into 'master'
[master] Stored XSS for Environments

Closes #2727

See merge request gitlab/gitlabhq!2594
2018-11-28 19:07:29 -05:00

28 lines
987 B
Ruby

require 'spec_helper'
require Rails.root.join('db', 'migrate', '20181108091549_cleanup_environments_external_url.rb')
describe CleanupEnvironmentsExternalUrl, :migration do
let(:environments) { table(:environments) }
let(:invalid_entries) { environments.where(environments.arel_table[:external_url].matches('javascript://%')) }
let(:namespaces) { table(:namespaces) }
let(:projects) { table(:projects) }
before do
namespace = namespaces.create(name: 'foo', path: 'foo')
project = projects.create!(namespace_id: namespace.id)
environments.create!(id: 1, project_id: project.id, name: 'poisoned', slug: 'poisoned', external_url: 'javascript://alert("1")')
end
it 'clears every environment with a javascript external_url' do
expect do
subject.up
end.to change { invalid_entries.count }.from(1).to(0)
end
it 'do not removes environments' do
expect do
subject.up
end.not_to change { environments.count }
end
end