Главная Обзор Помощь
Вход
SMusatov
/
zammad
зеркало из https://github.com/zammad/zammad.git
1
0
Ответвить 0
Файлы
Дерево: 96ba50d555
Ветки Метки
zammad
/
spec
/
models
/
package_spec.rb

package_spec.rb 2.2 KB
История Исходник

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. # Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
    2. 

  2. 

  3. require 'rails_helper'
    4. 

  4. 

  5. RSpec.describe Package, type: :model do
    6. 

  6.   let(:package_zpm_files_json) do
    7. 

  7.     <<-JSON
    8. 

  8.       [
    9. 

  9.         {
    10. 

  10.           "permission": "644",
    11. 

  11.           "location": "example.rb",
    12. 

  12.           "content": "YWJjw6TDtsO8w58="
    13. 

  13.         },
    14. 

  14.         {
    15. 

  15.           "permission": "644",
    16. 

  16.           "location": "app/controllers/test_controller.rb",
    17. 

  17.           "content": "YWJjw6TDtsO8w58="
    18. 

  18.         }
    19. 

  19.       ]
    20. 

  20.     JSON
    21. 

  21.   end
    22. 

  22.   let(:package_zpm_json) do
    23. 

  23.     <<-JSON
    24. 

  24.     {
    25. 

  25.       "name": "UnitTestSample",
    26. 

  26.       "version": "1.0.1",
    27. 

  27.       "vendor": "Zammad Foundation",
    28. 

  28.       "license": "ABC",
    29. 

  29.       "url": "https://zammad.org/",
    30. 

  30.       "description": [
    31. 

  31.         {
    32. 

  32.           "language": "en",
    33. 

  33.           "text": "some description"
    34. 

  34.         }
    35. 

  35.       ],
    36. 

  36.       "files": #{package_zpm_files_json}
    37. 

  37.     }
    38. 

  38.     JSON
    39. 

  39.   end
    40. 

  40. 

  41.   context 'with different file locations' do
    42. 

  42.     context 'with correct file locations' do
    43. 

  43.       it 'installation should work' do
    44. 

  44.         expect(described_class.install(string: package_zpm_json)).to be_truthy
    45. 

  45.       end
    46. 

  46.     end
    47. 

  47. 

  48.     shared_examples 'check not allowed file location' do |file_location|
    49. 

  49.       let(:package_zpm_files_json) do
    50. 

  50.         <<-JSON
    51. 

  51.           [
    52. 

  52.             {
    53. 

  53.               "permission": "644",
    54. 

  54.               "location": "example.rb",
    55. 

  55.               "content": "YWJjw6TDtsO8w58="
    56. 

  56.             },
    57. 

  57.             {
    58. 

  58.               "permission": "644",
    59. 

  59.               "location": "#{file_location}",
    60. 

  60.               "content": "YWJjw6TDtsO8w58="
    61. 

  61.             }
    62. 

  62.           ]
    63. 

  63.         JSON
    64. 

  64.       end
    65. 

  65. 

  66.       it 'installation should raise a error and package/store should not be present, because of not allowed file location' do
    67. 

  67.         expect { described_class.install(string: package_zpm_json) }
    68. 

  68.           .to raise_error(RuntimeError)
    69. 

  69.           .and change(described_class, :count).by(0)
    70. 

  70.           .and change(Store, :count).by(0)
    71. 

  71.       end
    72. 

  72.     end
    73. 

  73. 

  74.     context "with not allowed file location part: '..'" do
    75. 

  75.       include_examples 'check not allowed file location', '../../../../../tmp/test_controller.rb'
    76. 

  76.     end
    77. 

  77. 

  78.     context "with not allowed file location part: '%2e%2e'" do
    79. 

  79.       include_examples 'check not allowed file location', '%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/tmp/test_controller.rb'
    80. 

  80.     end
    81. 

  81.   end
    82. 

  82. end
    83.