Merge branch 'security-diff-cache-fix-master' into 'security-49085-persistent-xss-rendering'

[master] Include rich_text in diff cache keys See merge request gitlab/gitlabhq!2481

Merge branch 'security-diff-cache-fix-master' into 'security-49085-persistent-xss-rendering'
[master] Include rich_text in diff cache keys See merge request gitlab/gitlabhq!2481
aa73b3e1 · José Iván Vargas López · 81a403f0 · 0d01ac51 · aa73b3e1 · aa73b3e1
Commit aa73b3e1 authored Aug 28, 2018 by José Iván Vargas López
Showing with 16 additions and 7 deletions

lib/gitlab/diff/line.rb lib/gitlab/diff/line.rb +4 -3

spec/lib/gitlab/conflict/file_spec.rb spec/lib/gitlab/conflict/file_spec.rb +0 -4

spec/lib/gitlab/diff/line_spec.rb spec/lib/gitlab/diff/line_spec.rb +12 -0

No files found.
--- a/lib/gitlab/diff/line.rb
+++ b/lib/gitlab/diff/line.rb
 module Gitlab
  module Diff
    class Line
-      SERIALIZE_KEYS = %i(line_code text type index old_pos new_pos).freeze
+      SERIALIZE_KEYS = %i(line_code rich_text text type index old_pos new_pos).freeze
      attr_reader :line_code, :type, :index, :old_pos, :new_pos
      attr_writer :rich_text
      attr_accessor :text
-      def initialize(text, type, index, old_pos, new_pos, parent_file: nil, line_code: nil)
+      def initialize(text, type, index, old_pos, new_pos, parent_file: nil, line_code: nil, rich_text: nil)
        @text, @type, @index = text, type, index
        @old_pos, @new_pos = old_pos, new_pos
        @parent_file = parent_file
+        @rich_text = rich_text
        # When line code is not provided from cache store we build it
        # using the parent_file(Diff::File or Conflict::File).
@@ -18,7 +19,7 @@ module Gitlab
      end
      def self.init_from_hash(hash)
-        new(hash[:text], hash[:type], hash[:index], hash[:old_pos], hash[:new_pos], line_code: hash[:line_code])
+        new(hash[:text], hash[:type], hash[:index], hash[:old_pos], hash[:new_pos], line_code: hash[:line_code], rich_text: hash[:rich_text])
      end
      def to_hash

--- a/spec/lib/gitlab/conflict/file_spec.rb
+++ b/spec/lib/gitlab/conflict/file_spec.rb
@@ -69,10 +69,6 @@ describe Gitlab::Conflict::File do
      CGI.unescapeHTML(ActionView::Base.full_sanitizer.sanitize(html)).delete("\n")
    end
-    it 'modifies the existing lines' do
-      expect { conflict_file.highlight_lines! }.to change { conflict_file.lines.map(&:instance_variables) }
-    end
    it 'is called implicitly when rich_text is accessed on a line' do
      expect(conflict_file).to receive(:highlight_lines!).once.and_call_original

--- a/spec/lib/gitlab/diff/line_spec.rb
+++ b/spec/lib/gitlab/diff/line_spec.rb
 describe Gitlab::Diff::Line do
+  describe '.init_from_hash' do
+    it 'round-trips correctly with to_hash' do
+      line = described_class.new('<input>', 'match', 0, 0, 1,
+                                 parent_file: double(:file),
+                                 line_code: double(:line_code),
+                                 rich_text: '&lt;input&gt;')
+      expect(described_class.init_from_hash(line.to_hash).to_hash)
+        .to eq(line.to_hash)
+    end
+  end
  context "when setting rich text" do
    it 'escapes any HTML special characters in the diff chunk header' do
      subject = described_class.new("<input>", "", 0, 0, 0)