debian-mirror-gitlab/spec/lib/gitlab/untrusted_regexp/ruby_syntax_spec.rb

121 lines
3.5 KiB
Ruby
Raw Normal View History

2019-12-04 20:38:33 +05:30
# frozen_string_literal: true
2019-04-03 18:18:56 +05:30
require 'fast_spec_helper'
2020-03-13 15:44:24 +05:30
require 'support/shared_examples/lib/gitlab/malicious_regexp_shared_examples'
2019-07-07 11:18:12 +05:30
require 'support/helpers/stub_feature_flags'
2019-04-03 18:18:56 +05:30
2020-07-28 23:09:34 +05:30
RSpec.describe Gitlab::UntrustedRegexp::RubySyntax do
2019-04-03 18:18:56 +05:30
describe '.matches_syntax?' do
it 'returns true if regexp is valid' do
expect(described_class.matches_syntax?('/some .* thing/'))
.to be true
end
it 'returns true if regexp is invalid, but resembles regexp' do
expect(described_class.matches_syntax?('/some ( thing/'))
.to be true
end
end
describe '.valid?' do
it 'returns true if regexp is valid' do
expect(described_class.valid?('/some .* thing/'))
.to be true
end
it 'returns false if regexp is invalid' do
expect(described_class.valid?('/some ( thing/'))
.to be false
end
end
describe '.fabricate' do
context 'when regexp is valid' do
it 'fabricates regexp without flags' do
expect(described_class.fabricate('/some .* thing/')).not_to be_nil
end
end
2019-07-07 11:18:12 +05:30
context 'when regexp is empty' do
it 'fabricates regexp correctly' do
expect(described_class.fabricate('//')).not_to be_nil
end
end
2019-04-03 18:18:56 +05:30
context 'when regexp is a raw pattern' do
it 'returns error' do
expect(described_class.fabricate('some .* thing')).to be_nil
end
end
end
describe '.fabricate!' do
2019-07-07 11:18:12 +05:30
context 'safe regexp is used' do
context 'when regexp is using /regexp/ scheme with flags' do
it 'fabricates regexp with a single flag' do
regexp = described_class.fabricate!('/something/i')
expect(regexp).to eq Gitlab::UntrustedRegexp.new('(?i)something')
expect(regexp.scan('SOMETHING')).to be_one
end
2019-04-03 18:18:56 +05:30
2019-07-07 11:18:12 +05:30
it 'fabricates regexp with multiple flags' do
regexp = described_class.fabricate!('/something/im')
expect(regexp).to eq Gitlab::UntrustedRegexp.new('(?im)something')
end
it 'fabricates regexp without flags' do
regexp = described_class.fabricate!('/something/')
expect(regexp).to eq Gitlab::UntrustedRegexp.new('something')
end
2019-04-03 18:18:56 +05:30
end
2019-07-07 11:18:12 +05:30
end
2019-04-03 18:18:56 +05:30
2019-07-07 11:18:12 +05:30
context 'when unsafe regexp is used' do
include StubFeatureFlags
2019-04-03 18:18:56 +05:30
2019-07-07 11:18:12 +05:30
before do
stub_feature_flags(allow_unsafe_ruby_regexp: true)
allow(Gitlab::UntrustedRegexp).to receive(:new).and_raise(RegexpError)
2019-05-18 00:54:41 +05:30
end
2019-07-07 11:18:12 +05:30
context 'when no fallback is enabled' do
it 'raises an exception' do
expect { described_class.fabricate!('/something/') }
.to raise_error(RegexpError)
end
end
context 'when fallback is used' do
it 'fabricates regexp with a single flag' do
regexp = described_class.fabricate!('/something/i', fallback: true)
expect(regexp).to eq Regexp.new('something', Regexp::IGNORECASE)
end
it 'fabricates regexp with multiple flags' do
regexp = described_class.fabricate!('/something/im', fallback: true)
expect(regexp).to eq Regexp.new('something', Regexp::IGNORECASE | Regexp::MULTILINE)
end
it 'fabricates regexp without flags' do
regexp = described_class.fabricate!('/something/', fallback: true)
2019-04-03 18:18:56 +05:30
2019-07-07 11:18:12 +05:30
expect(regexp).to eq Regexp.new('something')
end
2019-04-03 18:18:56 +05:30
end
end
context 'when regexp is a raw pattern' do
it 'raises an error' do
expect { described_class.fabricate!('some .* thing') }
.to raise_error(RegexpError)
end
end
end
end