Commit f46d3d60 authored by Grzegorz Bizon's avatar Grzegorz Bizon

Merge branch 'dm-dependency-value-regex' into 'master'

Don't allow spaces in dependency linker value regex

See merge request !11721
parents 5aea2e6e c197b72f
module Gitlab module Gitlab
module DependencyLinker module DependencyLinker
class BaseLinker class BaseLinker
URL_REGEX = %r{https?://[^'"]+}.freeze URL_REGEX = %r{https?://[^'" ]+}.freeze
REPO_REGEX = %r{[^/'"]+/[^/'"]+}.freeze REPO_REGEX = %r{[^/'" ]+/[^/'" ]+}.freeze
class_attribute :file_type class_attribute :file_type
...@@ -69,7 +69,7 @@ module Gitlab ...@@ -69,7 +69,7 @@ module Gitlab
@highlighted_lines ||= highlighted_text.lines @highlighted_lines ||= highlighted_text.lines
end end
def regexp_for_value(value, default: /[^'"]+/) def regexp_for_value(value, default: /[^'" ]+/)
case value case value
when Array when Array
Regexp.union(value.map { |v| regexp_for_value(v, default: default) }) Regexp.union(value.map { |v| regexp_for_value(v, default: default) })
......
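Review bot: The new character classes in `URL_REGEX`, `REPO_REGEX` and the `regexp_for_value` default exclude only a literal space, so a tab or other whitespace inside a quoted value would presumably still match and be offered as a link target. These patterns run over repository file content, so `\s` states the intent more completely, e.g. `def regexp_for_value(value, default: /[^'"\s]+/)` and `URL_REGEX = %r{https?://[^'"\s]+}.freeze`. The same applies to the two `default: /[^" ]+/` arguments in `link_json`. `regexp_for_value` continues past the end of the hunk, so how its other `case` branches treat whitespace is not visible here.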
...@@ -24,8 +24,8 @@ module Gitlab ...@@ -24,8 +24,8 @@ module Gitlab
# link_json('specific_package', '1.0.1', link: :key) # link_json('specific_package', '1.0.1', link: :key)
# # Will link `specific_package` in `"specific_package": "1.0.1"` # # Will link `specific_package` in `"specific_package": "1.0.1"`
def link_json(key, value = nil, link: :value, &url_proc) def link_json(key, value = nil, link: :value, &url_proc)
key = regexp_for_value(key, default: /[^"]+/) key = regexp_for_value(key, default: /[^" ]+/)
value = regexp_for_value(value, default: /[^"]+/) value = regexp_for_value(value, default: /[^" ]+/)
if link == :value if link == :value
value = /(?<name>#{value})/ value = /(?<name>#{value})/
......
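Review bot: The comment block above `link_json` does not record that a key or value containing a space is now deliberately left unmatched, which is the rule that keeps command strings from being linked. A line such as `# Keys and values containing a space (e.g. commands under "scripts") are intentionally not matched.` next to the existing examples would explain why the defaults are `/[^" ]+/` rather than `/[^"]+/`. The method body continues outside the hunk.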
...@@ -24,12 +24,16 @@ describe Gitlab::DependencyLinker::PackageJsonLinker, lib: true do ...@@ -24,12 +24,16 @@ describe Gitlab::DependencyLinker::PackageJsonLinker, lib: true do
"url": "https://github.com/vuejs/vue.git" "url": "https://github.com/vuejs/vue.git"
}, },
"homepage": "https://github.com/vuejs/vue#readme", "homepage": "https://github.com/vuejs/vue#readme",
"scripts": {
"karma": "karma start config/karma.config.js --single-run"
},
"dependencies": { "dependencies": {
"primus": "*", "primus": "*",
"async": "~0.8.0", "async": "~0.8.0",
"express": "4.2.x", "express": "4.2.x",
"bigpipe": "bigpipe/pagelet", "bigpipe": "bigpipe/pagelet",
"plates": "https://github.com/flatiron/plates/tarball/master" "plates": "https://github.com/flatiron/plates/tarball/master",
"karma": "^1.4.1"
}, },
"devDependencies": { "devDependencies": {
"vows": "^0.7.0", "vows": "^0.7.0",
...@@ -69,6 +73,7 @@ describe Gitlab::DependencyLinker::PackageJsonLinker, lib: true do ...@@ -69,6 +73,7 @@ describe Gitlab::DependencyLinker::PackageJsonLinker, lib: true do
expect(subject).to include(link('express', 'https://npmjs.com/package/express')) expect(subject).to include(link('express', 'https://npmjs.com/package/express'))
expect(subject).to include(link('bigpipe', 'https://npmjs.com/package/bigpipe')) expect(subject).to include(link('bigpipe', 'https://npmjs.com/package/bigpipe'))
expect(subject).to include(link('plates', 'https://npmjs.com/package/plates')) expect(subject).to include(link('plates', 'https://npmjs.com/package/plates'))
expect(subject).to include(link('karma', 'https://npmjs.com/package/karma'))
expect(subject).to include(link('vows', 'https://npmjs.com/package/vows')) expect(subject).to include(link('vows', 'https://npmjs.com/package/vows'))
expect(subject).to include(link('assume', 'https://npmjs.com/package/assume')) expect(subject).to include(link('assume', 'https://npmjs.com/package/assume'))
expect(subject).to include(link('pre-commit', 'https://npmjs.com/package/pre-commit')) expect(subject).to include(link('pre-commit', 'https://npmjs.com/package/pre-commit'))
...@@ -81,5 +86,9 @@ describe Gitlab::DependencyLinker::PackageJsonLinker, lib: true do ...@@ -81,5 +86,9 @@ describe Gitlab::DependencyLinker::PackageJsonLinker, lib: true do
it 'links Git repos' do it 'links Git repos' do
expect(subject).to include(link('https://github.com/flatiron/plates/tarball/master', 'https://github.com/flatiron/plates/tarball/master')) expect(subject).to include(link('https://github.com/flatiron/plates/tarball/master', 'https://github.com/flatiron/plates/tarball/master'))
end end
it 'does not link scripts with the same key as a package' do
expect(subject).not_to include(link('karma start config/karma.config.js --single-run', 'https://github.com/karma start config/karma.config.js --single-run'))
end
end end
end end
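Review bot: The new example `does not link scripts with the same key as a package` rules out only one specific link, the script text pointing at a `https://github.com/...` URL, so it would still pass if the script value were linked to any other target. Asserting that the script text is not wrapped in any anchor is stricter, for example `expect(subject).not_to match(%r{<a[^>]*>karma start})`, assuming `subject` is the highlighted HTML string, as the surrounding `include(link(...))` expectations suggest.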