# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Gitlab::RackAttack::Request do
using RSpec::Parameterized::TableSyntax
# Inputs each `describe` below overrides to drive the classifier under test.
let(:path) { '/' }
let(:env) { {} }
let(:session) { {} }

# Builds the Rack::Attack request from a minimal GET env. `PATH_INFO` is
# prefixed with the configured relative URL root, so the "mounted at a
# relative URL" contexts below exercise the matchers exactly as a sub-path
# deployment would; example-supplied `env` keys win over these defaults.
let(:request) do
  defaults = {
    'REQUEST_METHOD' => 'GET',
    'PATH_INFO' => Gitlab.config.gitlab.relative_url_root + path,
    'rack.input' => StringIO.new,
    'rack.session' => session
  }

  ::Rack::Attack::Request.new(defaults.merge(env))
end
describe 'FILES_PATH_REGEX' do
  subject(:files_path_regex) { described_class::FILES_PATH_REGEX }

  # Repository-files API paths the regex must recognise, including the
  # `/blame` and `/raw` sub-resources and a trailing query string. The
  # project segment has to be a single URL-encoded component.
  matching_paths = [
    '/api/v4/projects/1/repository/files/README',
    '/api/v4/projects/1/repository/files/README?ref=master',
    '/api/v4/projects/1/repository/files/README/blame',
    '/api/v4/projects/1/repository/files/README/raw',
    '/api/v4/projects/some%2Fnested%2Frepo/repository/files/README'
  ]

  matching_paths.each do |files_path|
    it "matches #{files_path}" do
      expect(files_path_regex).to match(files_path)
    end
  end

  # An unencoded nested project path spreads over several segments and is
  # not a files request as far as this regex is concerned.
  it 'does not match an unencoded nested project path' do
    expect(files_path_regex).not_to match('/api/v4/projects/some/nested/repo/repository/files/README')
  end
end
describe '#api_request?' do
  # `/api` has to be the first path segment; an `/api` buried deeper in
  # the path is not an API request.
  where(:path, :expected) do
    '/'                | false
    '/groups'          | false
    '/foo/api'         | false
    '/api'             | true
    '/api/v4/groups/1' | true
  end

  with_them do
    it 'classifies the path' do
      expect(request.api_request?).to eq(expected)
    end

    # The same table must hold when the app is served under a sub-path,
    # i.e. the matcher has to account for the configured relative URL root.
    context 'when the application is mounted at a relative URL' do
      before do
        stub_config_setting(relative_url_root: '/gitlab/root')
      end

      it 'classifies the path' do
        expect(request.api_request?).to eq(expected)
      end
    end
  end
end
describe '#api_internal_request?' do
  # Internal API requests are exempt from throttling (see
  # `#should_be_skipped?`), so this matcher must be anchored at the start
  # of the path: the `/foo/api/v4/internal/` row checks that a nested path
  # cannot pick up the exemption. Any API version is accepted, and the
  # trailing slash after `internal` is required.
  where(:path, :expected) do
    '/'                    | false
    '/groups'              | false
    '/api'                 | false
    '/api/v4/groups/1'     | false
    '/api/v4/internal'     | false
    '/foo/api/v4/internal' | false
    '/api/v4/internal/'    | true
    '/api/v4/internal/foo' | true
    '/api/v1/internal/foo' | true
  end

  with_them do
    it 'classifies the path' do
      expect(request.api_internal_request?).to eq(expected)
    end

    context 'when the application is mounted at a relative URL' do
      before do
        stub_config_setting(relative_url_root: '/gitlab/root')
      end

      it 'classifies the path' do
        expect(request.api_internal_request?).to eq(expected)
      end
    end
  end
end
describe '#health_check_request?' do
  # Health, liveness, readiness and metrics endpoints are throttle-exempt
  # (see `#should_be_skipped?`), so the match is anchored to the path start
  # (`/foo/-/health` is rejected) while sub-paths of each endpoint count.
  where(:path, :expected) do
    '/'               | false
    '/groups'         | false
    '/foo/-/health'   | false
    '/-/health'       | true
    '/-/liveness'     | true
    '/-/readiness'    | true
    '/-/metrics'      | true
    '/-/health/foo'   | true
    '/-/liveness/foo' | true
    '/-/readiness/foo' | true
    '/-/metrics/foo'  | true
  end

  with_them do
    it 'classifies the path' do
      expect(request.health_check_request?).to eq(expected)
    end

    context 'when the application is mounted at a relative URL' do
      before do
        stub_config_setting(relative_url_root: '/gitlab/root')
      end

      it 'classifies the path' do
        expect(request.health_check_request?).to eq(expected)
      end
    end
  end
end
describe '#container_registry_event?' do
  # Registry event notifications are throttle-exempt (see
  # `#should_be_skipped?`). The path must start with
  # `/api/<version>/container_registry_event/` — trailing slash included —
  # and, as with the other exemptions, a prefixed copy of the path does
  # not qualify.
  where(:path, :expected) do
    '/'                                      | false
    '/groups'                                | false
    '/api/v4/container_registry_event'       | false
    '/foo/api/v4/container_registry_event/'  | false
    '/api/v4/container_registry_event/'      | true
    '/api/v4/container_registry_event/foo'   | true
    '/api/v1/container_registry_event/foo'   | true
  end

  with_them do
    it 'classifies the path' do
      expect(request.container_registry_event?).to eq(expected)
    end

    context 'when the application is mounted at a relative URL' do
      before do
        stub_config_setting(relative_url_root: '/gitlab/root')
      end

      it 'classifies the path' do
        expect(request.container_registry_event?).to eq(expected)
      end
    end
  end
end
describe '#product_analytics_collector_request?' do
  # Only `/-/collector/i...` at the path start is a collector request. Note
  # the prefix is character-based, not segment-based: `/-/collector/ifoo`
  # matches just like `/-/collector/i/foo`, whereas `/-/collector/foo` and
  # the bare `/-/collector` do not.
  where(:path, :expected) do
    '/'                   | false
    '/groups'             | false
    '/-/collector'        | false
    '/-/collector/foo'    | false
    '/foo/-/collector/i'  | false
    '/-/collector/i'      | true
    '/-/collector/ifoo'   | true
    '/-/collector/i/foo'  | true
  end

  with_them do
    it 'classifies the path' do
      expect(request.product_analytics_collector_request?).to eq(expected)
    end

    context 'when the application is mounted at a relative URL' do
      before do
        stub_config_setting(relative_url_root: '/gitlab/root')
      end

      it 'classifies the path' do
        expect(request.product_analytics_collector_request?).to eq(expected)
      end
    end
  end
end
describe '#should_be_skipped?' do
  # Every combination of the three throttle exemptions, including the
  # all-false case. Any single exemption is enough to skip rate limiting,
  # which is why each of those matchers is tested for path anchoring above.
  where(
    api_internal_request: [true, false],
    health_check_request: [true, false],
    container_registry_event: [true, false]
  )

  with_them do
    before do
      allow(request).to receive(:api_internal_request?).and_return(api_internal_request)
      allow(request).to receive(:health_check_request?).and_return(health_check_request)
      allow(request).to receive(:container_registry_event?).and_return(container_registry_event)
    end

    it 'returns true if any condition is true' do
      exempt = api_internal_request || health_check_request || container_registry_event

      expect(request.should_be_skipped?).to be(exempt)
    end
  end
end
describe '#web_request?' do
  # Mirror image of the `#api_request?` table: anything that is not an API
  # request (including `/foo/api`) is a web request.
  where(:path, :expected) do
    '/'                | true
    '/groups'          | true
    '/foo/api'         | true
    '/api'             | false
    '/api/v4/groups/1' | false
  end

  with_them do
    it 'classifies the path' do
      expect(request.web_request?).to eq(expected)
    end

    context 'when the application is mounted at a relative URL' do
      before do
        stub_config_setting(relative_url_root: '/gitlab/root')
      end

      it 'classifies the path' do
        expect(request.web_request?).to eq(expected)
      end
    end
  end
end
describe '#protected_path?' do
  # Configured protected paths behave as anchored prefixes: `/secure/` and
  # `/secure/foo` are covered, but `/foo/secure` is not — a nested path
  # cannot escape (or acquire) protected-path treatment.
  before do
    stub_application_setting(
      protected_paths: [
        '/protected',
        '/secure'
      ])
  end

  where(:path, :expected) do
    '/'               | false
    '/groups'         | false
    '/foo/protected'  | false
    '/foo/secure'     | false
    '/protected'      | true
    '/secure'         | true
    '/secure/'        | true
    '/secure/foo'     | true
  end

  with_them do
    it 'classifies the path' do
      expect(request.protected_path?).to eq(expected)
    end

    context 'when the application is mounted at a relative URL' do
      before do
        stub_config_setting(relative_url_root: '/gitlab/root')
      end

      it 'classifies the path' do
        expect(request.protected_path?).to eq(expected)
      end
    end
  end
end
describe '#frontend_request?', :allow_forgery_protection do
  let(:path) { '/' }

  # Generated once at load time so the `where` table below can reference
  # them; `other_token` stands in for a header value that does not belong
  # to this session.
  valid_token = SecureRandom.base64(ActionController::RequestForgeryProtection::AUTHENTICITY_TOKEN_LENGTH)
  other_token = SecureRandom.base64(ActionController::RequestForgeryProtection::AUTHENTICITY_TOKEN_LENGTH)

  # A request only counts as "frontend" when the `X-CSRF-Token` header
  # agrees with the token stored in the session. A well-formed header on
  # its own (no session token) is not enough, nor is a mismatch.
  where(:session, :env, :expected) do
    {} | {} | false # rubocop:disable Lint/BinaryOperatorWithIdenticalOperands
    {} | { 'HTTP_X_CSRF_TOKEN' => valid_token } | false
    { _csrf_token: valid_token } | { 'HTTP_X_CSRF_TOKEN' => other_token } | false
    { _csrf_token: valid_token } | { 'HTTP_X_CSRF_TOKEN' => valid_token } | true
  end

  with_them do
    # The predicate is private, hence `send`.
    it 'classifies the request' do
      expect(request.send(:frontend_request?)).to eq(expected)
    end
  end
end
describe '#deprecated_api_request?' do
  let(:env) { { 'QUERY_STRING' => query } }

  # `GET /api/v4/groups/:id` is flagged as the deprecated form unless the
  # caller opts out with an explicit `with_projects=0`; an empty
  # `with_projects=` or `with_projects=1` still counts. The match is
  # anchored to the path start and to the single `:id` segment, so a
  # prefixed or deeper path is not flagged, while a URL-encoded full group
  # path is treated as one `:id`.
  where(:path, :query, :expected) do
    '/'                             | ''                | false
    '/api/v4/groups/1/'             | ''                | true
    '/api/v4/groups/1'              | ''                | true
    '/api/v4/groups/foo/'           | ''                | true
    '/api/v4/groups/foo'            | ''                | true
    '/api/v4/groups/1'              | 'with_projects='  | true
    '/api/v4/groups/1'              | 'with_projects=1' | true
    '/api/v4/groups/1'              | 'with_projects=0' | false
    '/foo/api/v4/groups/1'          | ''                | false
    '/api/v4/groups/1/foo'          | ''                | false
    '/api/v4/groups/nested%2Fgroup' | ''                | true
  end

  with_them do
    # The predicate is private, hence `send`.
    it 'flags only the deprecated form' do
      expect(request.send(:deprecated_api_request?)).to eq(expected)
    end

    context 'when the application is mounted at a relative URL' do
      before do
        stub_config_setting(relative_url_root: '/gitlab/root')
      end

      it 'flags only the deprecated form' do
        expect(request.send(:deprecated_api_request?)).to eq(expected)
      end
    end
  end
end
end