Update specs

Vokhmin Alexey V 2015-06-05 22:08:15 +03:00
parent 4130672069
commit e7c07897e8
3 changed files with 5 additions and 6 deletions


@ -23,7 +23,7 @@ class Projects::Git::TreesController < Projects::Git::BaseController
format, @treeish = params[:format], params[:treeish] format, @treeish = params[:format], params[:treeish]
raise Grit::NoSuchPathError unless @treeish =~ /^#{@project.name}-/ && raise Grit::NoSuchPathError unless @treeish =~ /^#{@project.name}-/ &&
@treeish !~ /[\s]+/ && @treeish !~ /[\s]+/ &&
format =~ /^(zip|tar\.gz)$/ format =~ /\A(zip|tar\.gz)\z/
@treeish.gsub!(/^#{@project.name}-/, '') @treeish.gsub!(/^#{@project.name}-/, '')
sha1 = @project.build_scripts.by_active.by_treeish(@treeish).first.try(:sha1) sha1 = @project.build_scripts.by_active.by_treeish(@treeish).first.try(:sha1)
unless sha1 unless sha1
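Review bot: The prefix checks on `@treeish` still interpolate `@project.name` into the pattern unescaped and keep the `^` anchor, while only the `format` check was moved to `\A…\z`. A project name containing regex metacharacters such as `.` or `+` would make the prefix test match names other than the intended one, and `gsub!` would then strip a different span than the guard accepted. I would build the pattern once, `prefix = /\A#{Regexp.escape(@project.name)}-/`, and reuse it in both places: `@treeish =~ prefix` and `@treeish.sub!(prefix, '')`. If `@treeish` is later handed to git or a shell outside this hunk, an allowlist of permitted ref characters would be stronger than the whitespace-only rejection. The action body starts before and continues past the lines shown here.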


@ -57,12 +57,10 @@ describe Projects::Git::TreesController, type: :controller do
expect { get :archive, @params.merge(format: 'tar.gz') }.to raise_error(ActionController::RoutingError) expect { get :archive, @params.merge(format: 'tar.gz') }.to raise_error(ActionController::RoutingError)
end end
it 'should not be able to injection code with format' do
expect { get :archive, @params.merge(format: "tar.gz master > /dev/null; echo 'I am hacker!';\#") }.to raise_error(ActionController::RoutingError)
end
it 'should not be able to injection code with treeish' do it 'should not be able to injection code with treeish' do
expect { get :archive, @params.merge(treeish: "master > /dev/null; echo 'I am hacker!';\#") }.to raise_error(ActionController::RoutingError) expect do
get :archive, @params.merge(format: 'tar.gz', treeish: "master > /dev/null; echo 'I am hacker!';\#")
end.to raise_error(ActionController::RoutingError)
end end
it 'should be able to perform archive action' do it 'should be able to perform archive action' do
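Review bot: Dropping the 'injection code with format' example leaves the newly anchored `format` check in the controller without a regression spec. The case that separates `\A…\z` from the old `^…$` is a value with a valid first line followed by a newline and more text, so a spec such as `it 'should reject a multi-line format' do` / `expect { get :archive, @params.merge(format: "zip\nx") }.to raise_error(ActionController::RoutingError)` / `end` would pin the fix. The expected error class is assumed from the neighbouring examples and should be confirmed against how the controller's `Grit::NoSuchPathError` is rescued.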


@ -20,6 +20,7 @@ describe BuildLists::DependentPackagesJob do
allow(Project).to receive_message_chain(:where, :to_a).and_return([project]) allow(Project).to receive_message_chain(:where, :to_a).and_return([project])
allow(Arch).to receive_message_chain(:where, :to_a).and_return([build_list.arch]) allow(Arch).to receive_message_chain(:where, :to_a).and_return([build_list.arch])
allow_any_instance_of(BuildList).to receive(:update_statistic)
allow_any_instance_of(BuildListPolicy).to receive(:show?).and_return(true) allow_any_instance_of(BuildListPolicy).to receive(:show?).and_return(true)
allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(true) allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(true)
allow_any_instance_of(BuildListPolicy).to receive(:create?).and_return(true) allow_any_instance_of(BuildListPolicy).to receive(:create?).and_return(true)