Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Branch: stable-4.1
Branches Tags
zammad
/
spec
/
models
/
package_spec.rb

package_spec.rb 2.2 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. # Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
    2. 

  2. 

  3. require 'rails_helper'
    4. 

  4. 

  5. RSpec.describe Package, type: :model do
    6. 

  6.   let(:package_zpm_files_json) do
    7. 

  7.     <<-JSON
    8. 

  8.       [
    9. 

  9.         {
    10. 

  10.           "permission": "644",
    11. 

  11.           "location": "example.rb",
    12. 

  12.           "content": "YWJjw6TDtsO8w58="
    13. 

  13.         },
    14. 

  14.         {
    15. 

  15.           "permission": "644",
    16. 

  16.           "location": "app/controllers/test_controller.rb",
    17. 

  17.           "content": "YWJjw6TDtsO8w58="
    18. 

  18.         }
    19. 

  19.       ]
    20. 

  20.     JSON
    21. 

  21.   end
    22. 

  22.   let(:package_zpm_json) do
    23. 

  23.     <<-JSON
    24. 

  24.     {
    25. 

  25.       "name": "UnitTestSample",
    26. 

  26.       "version": "1.0.1",
    27. 

  27.       "vendor": "Zammad Foundation",
    28. 

  28.       "license": "ABC",
    29. 

  29.       "url": "https://zammad.org/",
    30. 

  30.       "description": [
    31. 

  31.         {
    32. 

  32.           "language": "en",
    33. 

  33.           "text": "some description"
    34. 

  34.         }
    35. 

  35.       ],
    36. 

  36.       "files": #{package_zpm_files_json}
    37. 

  37.     }
    38. 

  38.     JSON
    39. 

  39.   end
    40. 

  40. 

  41.   context 'with different file locations' do
    42. 

  42.     context 'with correct file locations' do
    43. 

  43.       it 'installation should work' do
    44. 

  44.         expect(described_class.install(string: package_zpm_json)).to be_truthy
    45. 

  45.       end
    46. 

  46.     end
    47. 

  47. 

  48.     shared_examples 'check not allowed file location' do |file_location|
    49. 

  49.       let(:package_zpm_files_json) do
    50. 

  50.         <<-JSON
    51. 

  51.           [
    52. 

  52.             {
    53. 

  53.               "permission": "644",
    54. 

  54.               "location": "example.rb",
    55. 

  55.               "content": "YWJjw6TDtsO8w58="
    56. 

  56.             },
    57. 

  57.             {
    58. 

  58.               "permission": "644",
    59. 

  59.               "location": "#{file_location}",
    60. 

  60.               "content": "YWJjw6TDtsO8w58="
    61. 

  61.             }
    62. 

  62.           ]
    63. 

  63.         JSON
    64. 

  64.       end
    65. 

  65. 

  66.       it 'installation should raise a error and package/store should not be present, because of not allowed file location' do
    67. 

  67.         expect { described_class.install(string: package_zpm_json) }
    68. 

  68.           .to raise_error(RuntimeError)
    69. 

  69.           .and change(described_class, :count).by(0)
    70. 

  70.           .and change(Store, :count).by(0)
    71. 

  71.       end
    72. 

  72.     end
    73. 

  73. 

  74.     context "with not allowed file location part: '..'" do
    75. 

  75.       include_examples 'check not allowed file location', '../../../../../tmp/test_controller.rb'
    76. 

  76.     end
    77. 

  77. 

  78.     context "with not allowed file location part: '%2e%2e'" do
    79. 

  79.       include_examples 'check not allowed file location', '%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/tmp/test_controller.rb'
    80. 

  80.     end
    81. 

  81.   end
    82. 

  82. end
    83.