Commit f46d3d60 authored by Grzegorz Bizon

Merge branch 'dm-dependency-value-regex' into 'master'

Don't allow spaces in dependency linker value regex

See merge request !11721
parents 5aea2e6e c197b72f
module Gitlab
module DependencyLinker
class BaseLinker
URL_REGEX = %r{https?://[^'"]+}.freeze
REPO_REGEX = %r{[^/'"]+/[^/'"]+}.freeze
URL_REGEX = %r{https?://[^'" ]+}.freeze
REPO_REGEX = %r{[^/'" ]+/[^/'" ]+}.freeze
class_attribute :file_type
......@@ -69,7 +69,7 @@ module Gitlab
@highlighted_lines ||= highlighted_text.lines
end
def regexp_for_value(value, default: /[^'"]+/)
def regexp_for_value(value, default: /[^'" ]+/)
case value
when Array
Regexp.union(value.map { |v| regexp_for_value(v, default: default) })
......
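Review bot: The new character classes in `URL_REGEX`, `REPO_REGEX` and the `regexp_for_value` default exclude only the literal space, so a tab or line break inside a quoted value still matches and would still be captured as a URL or repo path; the same applies to the `/[^" ]+/` defaults in `link_json`. These values come from repository files and, judging by the spec, end up in a link href, so `\s` would be the tighter class: `URL_REGEX = %r{https?://[^'"\s]+}.freeze`, `REPO_REGEX = %r{[^/'"\s]+/[^/'"\s]+}.freeze` and `default: /[^'"\s]+/`. A one-line comment above the constants, such as `# Whitespace is excluded so that shell commands (e.g. package.json scripts) are not mistaken for repo paths`, would record why the class is there. The body of `regexp_for_value` continues outside the hunk.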
......@@ -24,8 +24,8 @@ module Gitlab
# link_json('specific_package', '1.0.1', link: :key)
# # Will link `specific_package` in `"specific_package": "1.0.1"`
def link_json(key, value = nil, link: :value, &url_proc)
key = regexp_for_value(key, default: /[^"]+/)
value = regexp_for_value(value, default: /[^"]+/)
key = regexp_for_value(key, default: /[^" ]+/)
value = regexp_for_value(value, default: /[^" ]+/)
if link == :value
value = /(?<name>#{value})/
......
......@@ -24,12 +24,16 @@ describe Gitlab::DependencyLinker::PackageJsonLinker, lib: true do
"url": "https://github.com/vuejs/vue.git"
},
"homepage": "https://github.com/vuejs/vue#readme",
"scripts": {
"karma": "karma start config/karma.config.js --single-run"
},
"dependencies": {
"primus": "*",
"async": "~0.8.0",
"express": "4.2.x",
"bigpipe": "bigpipe/pagelet",
"plates": "https://github.com/flatiron/plates/tarball/master"
"plates": "https://github.com/flatiron/plates/tarball/master",
"karma": "^1.4.1"
},
"devDependencies": {
"vows": "^0.7.0",
......@@ -69,6 +73,7 @@ describe Gitlab::DependencyLinker::PackageJsonLinker, lib: true do
expect(subject).to include(link('express', 'https://npmjs.com/package/express'))
expect(subject).to include(link('bigpipe', 'https://npmjs.com/package/bigpipe'))
expect(subject).to include(link('plates', 'https://npmjs.com/package/plates'))
expect(subject).to include(link('karma', 'https://npmjs.com/package/karma'))
expect(subject).to include(link('vows', 'https://npmjs.com/package/vows'))
expect(subject).to include(link('assume', 'https://npmjs.com/package/assume'))
expect(subject).to include(link('pre-commit', 'https://npmjs.com/package/pre-commit'))
......@@ -81,5 +86,9 @@ describe Gitlab::DependencyLinker::PackageJsonLinker, lib: true do
it 'links Git repos' do
expect(subject).to include(link('https://github.com/flatiron/plates/tarball/master', 'https://github.com/flatiron/plates/tarball/master'))
end
it 'does not link scripts with the same key as a package' do
expect(subject).not_to include(link('karma start config/karma.config.js --single-run', 'https://github.com/karma start config/karma.config.js --single-run'))
end
end
end
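Review bot: The negative example in `does not link scripts with the same key as a package` rules out only one exact href (the `https://github.com/...` form), so it would still pass if the script command were linked to some other target. Asserting that the command text is not wrapped in any anchor would pin the intent more firmly, e.g. `expect(subject).not_to match(%r{<a [^>]*>karma start})`, assuming the `link` helper (defined outside the hunk) renders plain `<a>` tags. The fixture also covers only a space-separated command; a script value separated by a tab is not exercised.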