Commit 53f4f849 authored by Grzegorz Bizon's avatar Grzegorz Bizon

Add URL validations for generic commit statuses

parent 2e088c06
class GenericCommitStatus < CommitStatus class GenericCommitStatus < CommitStatus
before_validation :set_default_values before_validation :set_default_values
validates :target_url, addressable_url: true,
length: { maximum: 255 },
allow_nil: true
# GitHub compatible API # GitHub compatible API
alias_attribute :context, :name alias_attribute :context, :name
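Review bot: The `addressable_url: true` check on `target_url` does not show which URI schemes it accepts, and the validator's definition is outside this diff. If that validator is shared with repository or import URLs, it may accept schemes beyond http and https that a link shown in the UI should not carry, so the allowed list is worth confirming or stating here. Rows stored before this commit with a non-URL `target_url` would presumably fail validation on their next save, which may call for a data check or migration. A short comment above the validation would record the intent, for example `# target_url is supplied by API clients; accept only well-formed http(s) URLs`.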
......
...@@ -10,6 +10,13 @@ describe GenericCommitStatus, models: true do ...@@ -10,6 +10,13 @@ describe GenericCommitStatus, models: true do
target_url: external_url) target_url: external_url)
end end
describe 'validations' do
it { is_expected.to validate_length_of(:target_url).is_at_most(255) }
it { is_expected.to allow_value(nil).for(:target_url) }
it { is_expected.to allow_value('http://gitlab.com/s').for(:target_url) }
it { is_expected.not_to allow_value('javascript:alert(1)').for(:target_url) }
end
describe '#context' do describe '#context' do
subject { generic_commit_status.context } subject { generic_commit_status.context }
before { generic_commit_status.context = 'my_context' } before { generic_commit_status.context = 'my_context' }
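Review bot: The `validations` block pins the rejection policy with a single example, `'javascript:alert(1)'`, so a later change to the validator could loosen it without failing this spec. If scheme-less values are meant to be refused, the `'url'` string that the API spec used before this commit makes a natural extra case: `it { is_expected.not_to allow_value('url').for(:target_url) }`. The same scheme written in mixed case is worth a line as well, and so is an `allow_value` for an `https` URL, since only `http` is covered. The `describe '#context'` block that follows continues outside the hunk.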
......
...@@ -152,8 +152,11 @@ describe API::CommitStatuses, api: true do ...@@ -152,8 +152,11 @@ describe API::CommitStatuses, api: true do
context 'with all optional parameters' do context 'with all optional parameters' do
before do before do
optional_params = { state: 'success', context: 'coverage', optional_params = { state: 'success',
ref: 'develop', target_url: 'url', description: 'test' } context: 'coverage',
ref: 'develop',
description: 'test',
target_url: 'http://gitlab.com/status' }
post api(post_url, developer), optional_params post api(post_url, developer), optional_params
end end
...@@ -164,8 +167,8 @@ describe API::CommitStatuses, api: true do ...@@ -164,8 +167,8 @@ describe API::CommitStatuses, api: true do
expect(json_response['status']).to eq('success') expect(json_response['status']).to eq('success')
expect(json_response['name']).to eq('coverage') expect(json_response['name']).to eq('coverage')
expect(json_response['ref']).to eq('develop') expect(json_response['ref']).to eq('develop')
expect(json_response['target_url']).to eq('url')
expect(json_response['description']).to eq('test') expect(json_response['description']).to eq('test')
expect(json_response['target_url']).to eq('http://gitlab.com/status')
end end
end end
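Review bot: Both hunks in this file exercise only an accepted `target_url`, so no request spec shows what the API returns when the new validation fails. A separate context that posts an invalid `target_url` and asserts an error response and that no commit status was created would pin the behaviour clients see, for example `expect(response).to have_http_status(400)`. The status code this endpoint returns on a validation error is not visible in the diff, so confirm it against the API implementation before asserting it.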
......