Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-02-26 21:09:11 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-02-26 21:09:11 +0000
commit: f82d5dcab7c3d9a672abc827c92f86887b683a7d (patch)
tree: 4a4379a82ab825185aaeafdfb9eb0f9029dc286c /spec/requests
parent: 619d0b6922a6cf95d291fbbf5fa3d09e772a1ea8 (diff)
download: gitlab-ce-f82d5dcab7c3d9a672abc827c92f86887b683a7d.tar.gz
1 files changed, 54 insertions, 0 deletions
diff --git a/spec/requests/api/files_spec.rb b/spec/requests/api/files_spec.rb
index 3596647015c..e6406174391 100644
--- a/spec/requests/api/files_spec.rb
+++ b/spec/requests/api/files_spec.rb
@@ -7,6 +7,8 @@ describe API::Files do
   let!(:project) { create(:project, :repository, namespace: user.namespace ) }
   let(:guest) { create(:user) { |u| project.add_guest(u) } }
   let(:file_path) { "files%2Fruby%2Fpopen%2Erb" }
+  let(:rouge_file_path) { "%2e%2e%2f" }
+  let(:invalid_file_message) { 'file_path should be a valid file path' }
   let(:params) do
     {
       ref: 'master'
@@ -55,6 +57,12 @@ describe API::Files do
 
   describe "HEAD /projects/:id/repository/files/:file_path" do
     shared_examples_for 'repository files' do
+      it 'returns 400 when file path is invalid' do
+        head api(route(rouge_file_path), current_user), params: params
+
+        expect(response).to have_gitlab_http_status(:bad_request)
+      end
+
       it 'returns file attributes in headers' do
         head api(route(file_path), current_user), params: params
 
@@ -145,6 +153,13 @@ describe API::Files do
 
   describe "GET /projects/:id/repository/files/:file_path" do
     shared_examples_for 'repository files' do
+      it 'returns 400 for invalid file path' do
+        get api(route(rouge_file_path), current_user), params: params
+
+        expect(response).to have_gitlab_http_status(:bad_request)
+        expect(json_response['error']).to eq(invalid_file_message)
+      end
+
       it 'returns file attributes as json' do
         get api(route(file_path), current_user), params: params
 
@@ -302,6 +317,13 @@ describe API::Files do
           .to eq('c440cd09bae50c4632cc58638ad33c6aa375b6109d811e76a9cc3a613c1e8887')
       end
 
+      it 'returns 400 when file path is invalid' do
+        get api(route(rouge_file_path) + '/blame', current_user), params: params
+
+        expect(response).to have_gitlab_http_status(:bad_request)
+        expect(json_response['error']).to eq(invalid_file_message)
+      end
+
       it 'returns blame file attributes as json' do
         get api(route(file_path) + '/blame', current_user), params: params
 
@@ -418,6 +440,13 @@ describe API::Files do
 
   describe "GET /projects/:id/repository/files/:file_path/raw" do
     shared_examples_for 'repository raw files' do
+      it 'returns 400 when file path is invalid' do
+        get api(route(rouge_file_path) + "/raw", current_user), params: params
+
+        expect(response).to have_gitlab_http_status(:bad_request)
+        expect(json_response['error']).to eq(invalid_file_message)
+      end
+
       it 'returns raw file info' do
         url = route(file_path) + "/raw"
         expect(Gitlab::Workhorse).to receive(:send_git_blob)
@@ -535,6 +564,13 @@ describe API::Files do
       }
     end
 
+    it 'returns 400 when file path is invalid' do
+      post api(route(rouge_file_path), user), params: params
+
+      expect(response).to have_gitlab_http_status(:bad_request)
+      expect(json_response['error']).to eq(invalid_file_message)
+    end
+
     it "creates a new file in project repo" do
       post api(route(file_path), user), params: params
 
@@ -662,6 +698,17 @@ describe API::Files do
       expect(response).to have_gitlab_http_status(:ok)
     end
 
+    it "returns 400 when file path is invalid" do
+      last_commit = Gitlab::Git::Commit
+                        .last_for_path(project.repository, 'master', URI.unescape(file_path))
+      params_with_correct_id = params.merge(last_commit_id: last_commit.id)
+
+      put api(route(rouge_file_path), user), params: params_with_correct_id
+
+      expect(response).to have_gitlab_http_status(:bad_request)
+      expect(json_response['error']).to eq(invalid_file_message)
+    end
+
     it "returns a 400 bad request if no params given" do
       put api(route(file_path), user)
 
@@ -690,6 +737,13 @@ describe API::Files do
       }
     end
 
+    it 'returns 400 when file path is invalid' do
+      delete api(route(rouge_file_path), user), params: params
+
+      expect(response).to have_gitlab_http_status(:bad_request)
+      expect(json_response['error']).to eq(invalid_file_message)
+    end
+
     it "deletes existing file in project repo" do
       delete api(route(file_path), user), params: params
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-02-26 21:09:11 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-02-26 21:09:11 +0000
commit	f82d5dcab7c3d9a672abc827c92f86887b683a7d (patch)
tree	4a4379a82ab825185aaeafdfb9eb0f9029dc286c /spec/requests
parent	619d0b6922a6cf95d291fbbf5fa3d09e772a1ea8 (diff)
download	gitlab-ce-f82d5dcab7c3d9a672abc827c92f86887b683a7d.tar.gz