authorSimon Knox <psimyn@gmail.com>2017-02-16 13:10:32 +1100
committerSimon Knox <psimyn@gmail.com>2017-02-16 13:10:32 +1100
commit8a928af0fc54a84c5b858955e7459512155d4af0 (patch)
tree4c55ff6c1cd20405e9adf5973e2ce1c229fcebde /spec/lib
parent3f713db0da2602152aa482b57f84b7418fd20a93 (diff)
parentb05e75b8faccc50749adc63419074c91802a8f50 (diff)
Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce into task_list_refactortask_list_refactor
Diffstat (limited to 'spec/lib')
-rw-r--r--spec/lib/banzai/filter/user_reference_filter_spec.rb13
-rw-r--r--spec/lib/gitlab/asciidoc_spec.rb23
-rw-r--r--spec/lib/gitlab/database_spec.rb54
-rw-r--r--spec/lib/gitlab/import_export/import_export_spec.rb5
-rw-r--r--spec/lib/gitlab/other_markup.rb22
-rw-r--r--spec/lib/gitlab/regex_spec.rb12
6 files changed, 127 insertions, 2 deletions
diff --git a/spec/lib/banzai/filter/user_reference_filter_spec.rb b/spec/lib/banzai/filter/user_reference_filter_spec.rb
index 3e1ac9fb2b2..d5d128c1907 100644
--- a/spec/lib/banzai/filter/user_reference_filter_spec.rb
+++ b/spec/lib/banzai/filter/user_reference_filter_spec.rb
@@ -112,6 +112,19 @@ describe Banzai::Filter::UserReferenceFilter, lib: true do
end
end
+ context 'mentioning a nested group' do
+ it_behaves_like 'a reference containing an element node'
+
+ let(:group) { create(:group, :nested) }
+ let(:reference) { group.to_reference }
+
+ it 'links to the nested group' do
+ doc = reference_filter("Hey #{reference}")
+
+ expect(doc.css('a').first.attr('href')).to eq urls.group_url(group)
+ end
+ end
+
it 'links with adjacent text' do
doc = reference_filter("Mention me (#{reference}.)")
expect(doc.to_html).to match(/\(<a.+>#{reference}<\/a>\.\)/)
diff --git a/spec/lib/gitlab/asciidoc_spec.rb b/spec/lib/gitlab/asciidoc_spec.rb
index ba199917f5c..bca57105d1d 100644
--- a/spec/lib/gitlab/asciidoc_spec.rb
+++ b/spec/lib/gitlab/asciidoc_spec.rb
@@ -41,6 +41,29 @@ module Gitlab
render(input, context, asciidoc_opts)
end
end
+
+ context "XSS" do
+ links = {
+ 'links' => {
+ input: 'link:mylink"onmouseover="alert(1)[Click Here]',
+ output: "<div>\n<p><a href=\"mylink\">Click Here</a></p>\n</div>"
+ },
+ 'images' => {
+ input: 'image:https://localhost.com/image.png[Alt text" onerror="alert(7)]',
+ output: "<div>\n<p><span><img src=\"https://localhost.com/image.png\" alt=\"Alt text\"></span></p>\n</div>"
+ },
+ 'pre' => {
+ input: '```mypre"><script>alert(3)</script>',
+ output: "<div>\n<div>\n<pre lang=\"mypre\">\"&gt;<code></code></pre>\n</div>\n</div>"
+ }
+ }
+
+ links.each do |name, data|
+ it "does not convert dangerous #{name} into HTML" do
+ expect(render(data[:input], context)).to eql data[:output]
+ end
+ end
+ end
end
def render(*args)
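Review bot: The three XSS examples assert only with `eql` against a full expected HTML string, so they pin the sanitizer's exact output formatting rather than the property that matters, and a harmless whitespace or wrapper change in the renderer will fail them for the wrong reason. Alongside the exact match I would add a property check in the `it` body, `expect(render(data[:input], context)).not_to match(/onmouseover|onerror|<script/i)`, so the intent survives future output changes. The hash is named `links` although it also holds the `images` and `pre` cases; `xss_cases` would read better. The enclosing `describe` starts and ends outside this hunk.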
diff --git a/spec/lib/gitlab/database_spec.rb b/spec/lib/gitlab/database_spec.rb
index b142b3a2781..f01c42aff91 100644
--- a/spec/lib/gitlab/database_spec.rb
+++ b/spec/lib/gitlab/database_spec.rb
@@ -5,6 +5,12 @@ class MigrationTest
end
describe Gitlab::Database, lib: true do
+ describe '.adapter_name' do
+ it 'returns the name of the adapter' do
+ expect(described_class.adapter_name).to be_an_instance_of(String)
+ end
+ end
+
# These are just simple smoke tests to check if the methods work (regardless
# of what they may return).
describe '.mysql?' do
@@ -71,6 +77,54 @@ describe Gitlab::Database, lib: true do
end
end
+ describe '.with_connection_pool' do
+ it 'creates a new connection pool and disconnect it after used' do
+ closed_pool = nil
+
+ described_class.with_connection_pool(1) do |pool|
+ pool.with_connection do |connection|
+ connection.execute('SELECT 1 AS value')
+ end
+
+ expect(pool).to be_connected
+
+ closed_pool = pool
+ end
+
+ expect(closed_pool).not_to be_connected
+ end
+
+ it 'disconnects the pool even an exception was raised' do
+ error = Class.new(RuntimeError)
+ closed_pool = nil
+
+ begin
+ described_class.with_connection_pool(1) do |pool|
+ pool.with_connection do |connection|
+ connection.execute('SELECT 1 AS value')
+ end
+
+ closed_pool = pool
+
+ raise error.new('boom')
+ end
+ rescue error
+ end
+
+ expect(closed_pool).not_to be_connected
+ end
+ end
+
+ describe '.create_connection_pool' do
+ it 'creates a new connection pool with specific pool size' do
+ pool = described_class.create_connection_pool(5)
+
+ expect(pool)
+ .to be_kind_of(ActiveRecord::ConnectionAdapters::ConnectionPool)
+ expect(pool.spec.config[:pool]).to eq(5)
+ end
+ end
+
describe '#true_value' do
it 'returns correct value for PostgreSQL' do
expect(described_class).to receive(:postgresql?).and_return(true)
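Review bot: In 'disconnects the pool even an exception was raised', the `begin … rescue error; end` wrapper passes equally when `with_connection_pool` swallows the exception, so the example does not prove that the error propagates to the caller after cleanup. Wrapping the call as `expect { described_class.with_connection_pool(1) { … } }.to raise_error(error)` checks both behaviours, and `raise error, 'boom'` is the idiomatic form of the raise. In '.create_connection_pool' the pool returned by `create_connection_pool(5)` is never disconnected; if it holds connections it leaks across the suite, so a `pool.disconnect!` in an `ensure` would be safer. Both example descriptions also need a grammar fix ("after use", "even if an exception").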
diff --git a/spec/lib/gitlab/import_export/import_export_spec.rb b/spec/lib/gitlab/import_export/import_export_spec.rb
index 53f7d244d88..20743811dab 100644
--- a/spec/lib/gitlab/import_export/import_export_spec.rb
+++ b/spec/lib/gitlab/import_export/import_export_spec.rb
@@ -2,14 +2,15 @@ require 'spec_helper'
describe Gitlab::ImportExport, services: true do
describe 'export filename' do
- let(:project) { create(:empty_project, :public, path: 'project-path') }
+ let(:group) { create(:group, :nested) }
+ let(:project) { create(:empty_project, :public, path: 'project-path', namespace: group) }
it 'contains the project path' do
expect(described_class.export_filename(project: project)).to include(project.path)
end
it 'contains the namespace path' do
- expect(described_class.export_filename(project: project)).to include(project.namespace.path)
+ expect(described_class.export_filename(project: project)).to include(project.namespace.full_path)
end
it 'does not go over a certain length' do
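Review bot: With `create(:group, :nested)` the namespace's `full_path` presumably contains a `/`, so the updated example `include(project.namespace.full_path)` now requires the export filename itself to carry a path separator. If `export_filename` is later joined onto a directory, that turns a file name into a nested path, which is worth deciding explicitly rather than pinning by accident. I would either add an example stating the intended rule, e.g. `expect(described_class.export_filename(project: project)).not_to include('/')` with the namespace path normalised in the implementation, or add a comment here that separators in the name are intentional. The `describe` block continues past the end of this hunk.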
diff --git a/spec/lib/gitlab/other_markup.rb b/spec/lib/gitlab/other_markup.rb
new file mode 100644
index 00000000000..8f5a353b381
--- /dev/null
+++ b/spec/lib/gitlab/other_markup.rb
@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+describe Gitlab::OtherMarkup, lib: true do
+ context "XSS Checks" do
+ links = {
+ 'links' => {
+ file: 'file.rdoc',
+ input: 'XSS[JaVaScriPt:alert(1)]',
+ output: '<p><a>XSS</a></p>'
+ }
+ }
+ links.each do |name, data|
+ it "does not convert dangerous #{name} into HTML" do
+ expect(render(data[:file], data[:input], context)).to eql data[:output]
+ end
+ end
+ end
+
+ def render(*args)
+ described_class.render(*args)
+ end
+end
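Review bot: This new file is named `spec/lib/gitlab/other_markup.rb`, without the `_spec.rb` suffix that RSpec's default file pattern looks for, so unless the project overrides the pattern this XSS regression test is never executed; it should be `other_markup_spec.rb`. That would also explain why a second problem went unnoticed: the example calls `render(data[:file], data[:input], context)`, but no `let(:context)` is defined in this file, and `context` is an example-group method that is not available inside an `it` block. Adding something like `let(:context) { {} }` (value to be confirmed against what `Gitlab::OtherMarkup.render` expects) would make the example runnable. As in the asciidoc spec, the single-entry hash named `links` could simply be inlined or renamed.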
diff --git a/spec/lib/gitlab/regex_spec.rb b/spec/lib/gitlab/regex_spec.rb
index 1dbc2f6eb13..089ec4e2737 100644
--- a/spec/lib/gitlab/regex_spec.rb
+++ b/spec/lib/gitlab/regex_spec.rb
@@ -50,4 +50,16 @@ describe Gitlab::Regex, lib: true do
it { is_expected.not_to match('9foo') }
it { is_expected.not_to match('foo-') }
end
+
+ describe 'NAMESPACE_REF_REGEX_STR' do
+ subject { %r{\A#{Gitlab::Regex::NAMESPACE_REF_REGEX_STR}\z} }
+
+ it { is_expected.to match('gitlab.org') }
+ it { is_expected.to match('gitlab.org/gitlab-git') }
+ it { is_expected.not_to match('gitlab.org.') }
+ it { is_expected.not_to match('gitlab.org/') }
+ it { is_expected.not_to match('/gitlab.org') }
+ it { is_expected.not_to match('gitlab.git') }
+ it { is_expected.not_to match('gitlab git') }
+ end
end
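Review bot: The added examples for `NAMESPACE_REF_REGEX_STR` cover only a single level of nesting (`gitlab.org/gitlab-git`), although the constant appears to exist to match nested namespace paths. I would add a deeper positive case and an empty-segment negative case, e.g. `it { is_expected.to match('gitlab.org/gitlab-git/sub') }` and `it { is_expected.not_to match('gitlab.org//gitlab-git') }`, so that a pattern accepting malformed paths is caught here rather than in routing. A short comment on why `'gitlab.git'` must be rejected (presumably the reserved `.git` suffix) would help the next reader.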