1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Ci::Maskable, feature_category: :secrets_management do
let(:variable) { build(:ci_variable) }
describe 'masked value validations' do
subject { variable }
context 'when variable is masked and expanded' do
before do
subject.masked = true
subject.raw = false
end
it { is_expected.not_to allow_value('hello').for(:value) }
it { is_expected.not_to allow_value('hello world').for(:value) }
it { is_expected.not_to allow_value('hello$VARIABLEworld').for(:value) }
it { is_expected.not_to allow_value('hello\rworld').for(:value) }
it { is_expected.to allow_value('helloworld').for(:value) }
end
context 'when method :raw is not defined' do
let(:test_var_class) do
Struct.new(:masked?) do
include ActiveModel::Validations
include Ci::Maskable
end
end
let(:variable) { test_var_class.new(true) }
it 'evaluates masked variables as expanded' do
expect(subject).not_to be_masked_and_raw
expect(subject).to be_masked_and_expanded
end
end
context 'when variable is masked and raw' do
before do
subject.masked = true
subject.raw = true
end
it { is_expected.not_to allow_value('hello').for(:value) }
it { is_expected.not_to allow_value('hello world').for(:value) }
it { is_expected.to allow_value('hello\rworld').for(:value) }
it { is_expected.to allow_value('hello$VARIABLEworld').for(:value) }
it { is_expected.to allow_value('helloworld!!!').for(:value) }
it { is_expected.to allow_value('hell******world').for(:value) }
it { is_expected.to allow_value('helloworld123').for(:value) }
end
context 'when variable is not masked' do
before do
subject.masked = false
end
it { is_expected.to allow_value('hello').for(:value) }
it { is_expected.to allow_value('hello world').for(:value) }
it { is_expected.to allow_value('hello$VARIABLEworld').for(:value) }
it { is_expected.to allow_value('hello\rworld').for(:value) }
it { is_expected.to allow_value('helloworld').for(:value) }
end
end
describe 'Regexes' do
context 'with MASK_AND_RAW_REGEX' do
subject { Ci::Maskable::MASK_AND_RAW_REGEX }
it 'does not match strings shorter than 8 letters' do
expect(subject.match?('hello')).to eq(false)
end
it 'does not match strings with spaces' do
expect(subject.match?('hello world')).to eq(false)
end
it 'does not match strings that span more than one line' do
string = <<~EOS
hello
world
EOS
expect(subject.match?(string)).to eq(false)
end
it 'matches valid strings' do
expect(subject.match?('hello$VARIABLEworld')).to eq(true)
expect(subject.match?('Hello+World_123/@:-~.')).to eq(true)
expect(subject.match?('hello\rworld')).to eq(true)
expect(subject.match?('HelloWorld%#^')).to eq(true)
end
end
context 'with REGEX' do
subject { Ci::Maskable::REGEX }
it 'does not match strings shorter than 8 letters' do
expect(subject.match?('hello')).to eq(false)
end
it 'does not match strings with spaces' do
expect(subject.match?('hello world')).to eq(false)
end
it 'does not match strings with shell variables' do
expect(subject.match?('hello$VARIABLEworld')).to eq(false)
end
it 'does not match strings with escape characters' do
expect(subject.match?('hello\rworld')).to eq(false)
end
it 'does not match strings that span more than one line' do
string = <<~EOS
hello
world
EOS
expect(subject.match?(string)).to eq(false)
end
it 'does not match strings using unsupported characters' do
expect(subject.match?('HelloWorld%#^')).to eq(false)
end
it 'matches valid strings' do
expect(subject.match?('Hello+World_123/@:-~.')).to eq(true)
end
end
end
describe '#to_runner_variable' do
subject { variable.to_runner_variable }
it 'exposes the masked attribute' do
expect(subject).to include(:masked)
end
end
end
|
