Commit 536f2bdf authored by Bob Van Landuyt's avatar Bob Van Landuyt

Add forbidden paths to the namespace validator

parent f76a5abb
...@@ -53,7 +53,19 @@ class NamespaceValidator < ActiveModel::EachValidator ...@@ -53,7 +53,19 @@ class NamespaceValidator < ActiveModel::EachValidator
WILDCARD_ROUTES = %w[tree commits wikis new edit create update logs_tree WILDCARD_ROUTES = %w[tree commits wikis new edit create update logs_tree
preview blob blame raw files create_dir find_file preview blob blame raw files create_dir find_file
artifacts graphs refs badges].freeze artifacts graphs refs badges info git-upload-pack
git-receive-pack gitlab-lfs autocomplete_sources
templates avatar commit pages compare network snippets
services mattermost deploy_keys forks import merge_requests
branches merged_branches tags protected_branches variables
triggers pipelines environments cycle_analytics builds
hooks container_registry milestones labels issues
project_members group_links notes noteable boards todos
uploads runners runner_projects settings repository
transfer remove_fork archive unarchive housekeeping
toggle_star preview_markdown export remove_export
generate_new_export download_export activity
new_issue_address registry].freeze
STRICT_RESERVED = (RESERVED + WILDCARD_ROUTES).freeze STRICT_RESERVED = (RESERVED + WILDCARD_ROUTES).freeze
......
require 'spec_helper'
describe NamespaceValidator do
describe 'RESERVED' do
it 'includes all the top level namespaces' do
all_top_level_routes = Rails.application.routes.routes.routes.
map { |r| r.path.spec.to_s }.
select { |p| p !~ %r{^/[:*]} }.
map { |p| p.split('/')[1] }.
compact.
map { |p| p.split('(', 2)[0] }.
uniq
expect(described_class::RESERVED).to include(*all_top_level_routes)
end
end
describe 'WILDCARD_ROUTES' do
it 'includes all paths that can be used after a namespace/project path' do
all_wildcard_paths = Rails.application.routes.routes.routes.
map { |r| r.path.spec.to_s }.
select { |p| p =~ %r{^/\*namespace_id/:(project_)?id/[^:*]} }.
map { |p| p.split('/')[3].split('(', 2)[0] }.
uniq
expect(described_class::WILDCARD_ROUTES).to include(*all_wildcard_paths)
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment