debian-mirror-gitlab/spec/config/application_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

35 lines
1.4 KiB
Ruby
Raw Normal View History

2019-07-07 11:18:12 +05:30
# frozen_string_literal: true
require 'spec_helper'
2020-06-23 00:09:42 +05:30
RSpec.describe Gitlab::Application do # rubocop:disable RSpec/FilePath
2019-07-07 11:18:12 +05:30
using RSpec::Parameterized::TableSyntax
2020-05-24 23:13:21 +05:30
filtered_param = ActiveSupport::ParameterFilter::FILTERED
2019-07-07 11:18:12 +05:30
context 'when parameters are logged' do
describe 'rails does not leak confidential parameters' do
def request_for_url(input_url)
env = Rack::MockRequest.env_for(input_url)
env['action_dispatch.parameter_filter'] = described_class.config.filter_parameters
ActionDispatch::Request.new(env)
end
where(:input_url, :output_query) do
'/' | {}
'/?safe=1' | { 'safe' => '1' }
2020-05-24 23:13:21 +05:30
'/?private_token=secret' | { 'private_token' => filtered_param }
'/?mixed=1&private_token=secret' | { 'mixed' => '1', 'private_token' => filtered_param }
'/?note=secret&noteable=1&prefix_note=2' | { 'note' => filtered_param, 'noteable' => '1', 'prefix_note' => '2' }
'/?note[note]=secret&target_type=1' | { 'note' => filtered_param, 'target_type' => '1' }
'/?safe[note]=secret&target_type=1' | { 'safe' => { 'note' => filtered_param }, 'target_type' => '1' }
2019-07-07 11:18:12 +05:30
end
with_them do
it { expect(request_for_url(input_url).filtered_parameters).to eq(output_query) }
end
end
end
end