2021-01-29 00:20:46 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require 'spec_helper'
|
|
|
|
|
2023-03-04 22:38:38 +05:30
|
|
|
RSpec.describe 'User sends malformed strings', feature_category: :user_management do
|
2021-01-29 00:20:46 +05:30
|
|
|
include GitHttpHelpers
|
|
|
|
|
|
|
|
let(:null_byte) { "\u0000" }
|
|
|
|
let(:invalid_string) { "mal\xC0formed" }
|
|
|
|
|
|
|
|
it 'raises a 400 error with a null byte' do
|
|
|
|
post '/nonexistent', params: { a: "A #{null_byte} nasty string" }
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:bad_request)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'raises a 400 error with an invalid string' do
|
|
|
|
post '/nonexistent', params: { a: "A #{invalid_string} nasty string" }
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:bad_request)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'raises a 400 error with null bytes in the auth headers' do
|
|
|
|
clone_get("project/path", user: "hello#{null_byte}", password: "nothing to see")
|
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(:bad_request)
|
|
|
|
end
|
|
|
|
end
|