Update specs

2015-06-05 22:08:15 +03:00 · 2015-06-05 22:08:15 +03:00 · e7c07897e8
parent 4130672069
commit e7c07897e8
3 changed files with 5 additions and 6 deletions
--- a/app/controllers/projects/git/trees_controller.rb
+++ b/app/controllers/projects/git/trees_controller.rb
@ -23,7 +23,7 @@ class Projects::Git::TreesController < Projects::Git::BaseController
    format, @treeish = params[:format], params[:treeish]
    raise Grit::NoSuchPathError unless  @treeish =~ /^#{@project.name}-/ &&
                                        @treeish !~ /[\s]+/ &&
-                                        format =~ /^(zip|tar\.gz)$/
+                                        format =~ /\A(zip|tar\.gz)\z/
    @treeish.gsub!(/^#{@project.name}-/, '')
    sha1 = @project.build_scripts.by_active.by_treeish(@treeish).first.try(:sha1)
    unless sha1
--- a/spec/controllers/projects/git/git_trees_controller_spec.rb
+++ b/spec/controllers/projects/git/git_trees_controller_spec.rb
@ -57,12 +57,10 @@ describe Projects::Git::TreesController, type: :controller do
      expect { get :archive, @params.merge(format: 'tar.gz') }.to raise_error(ActionController::RoutingError)
    end

-    it 'should not be able to injection code with format' do
-      expect { get :archive, @params.merge(format: "tar.gz master > /dev/null; echo 'I am hacker!';\#") }.to raise_error(ActionController::RoutingError)
-    end
-
    it 'should not be able to injection code with treeish' do
-      expect { get :archive, @params.merge(treeish: "master > /dev/null; echo 'I am hacker!';\#") }.to raise_error(ActionController::RoutingError)
+      expect do
+        get :archive, @params.merge(format: 'tar.gz', treeish: "master > /dev/null; echo 'I am hacker!';\#")
+      end.to raise_error(ActionController::RoutingError)
    end

    it 'should be able to perform archive action' do
--- a/spec/jobs/dependent_packages_job_spec.rb
+++ b/spec/jobs/dependent_packages_job_spec.rb
@ -20,6 +20,7 @@ describe BuildLists::DependentPackagesJob do
    allow(Project).to receive_message_chain(:where, :to_a).and_return([project])
    allow(Arch).to receive_message_chain(:where, :to_a).and_return([build_list.arch])

+    allow_any_instance_of(BuildList).to       receive(:update_statistic)
    allow_any_instance_of(BuildListPolicy).to receive(:show?).and_return(true)
    allow_any_instance_of(ProjectPolicy).to   receive(:write?).and_return(true)
    allow_any_instance_of(BuildListPolicy).to receive(:create?).and_return(true)