NPO-Accounting/houdini
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Remove outdated cve specs

Browse source
This commit is contained in:
Eric Schultz 2021-02-25 13:02:34 -06:00 committed by Eric Schultz
parent 5495f6574a
commit 1048ef6593
4 changed files with 0 additions and 56 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.rubocop.yml
View file

@ -662,9 +662,6 @@ AllCops:
- 'spec/controllers/super_admins_spec.rb' - 'spec/controllers/super_admins_spec.rb'
- 'spec/controllers/recurring_donations_spec.rb' - 'spec/controllers/recurring_donations_spec.rb'
- 'spec/controllers/events_spec.rb' - 'spec/controllers/events_spec.rb'
- 'spec/cve/cve_2015_3226_spec.rb'
- 'spec/cve/cve_2014_2538_spec.rb'
- 'spec/cve/cve_2015_3225_spec.rb'
- 'spec/support/contexts.rb' - 'spec/support/contexts.rb'
- 'spec/support/factory_bot.rb' - 'spec/support/factory_bot.rb'
- 'spec/support/mock_helpers.rb' - 'spec/support/mock_helpers.rb'
@ -672,7 +669,6 @@ AllCops:
- 'spec/support/contexts/shared_donation_charge_context.rb' - 'spec/support/contexts/shared_donation_charge_context.rb'
- 'spec/support/contexts/general_shared_user_context.rb' - 'spec/support/contexts/general_shared_user_context.rb'
- 'spec/support/payments_for_a_payout.rb' - 'spec/support/payments_for_a_payout.rb'
- 'spec/support/expect.rb'
- 'spec/support/test_upload_service.rb' - 'spec/support/test_upload_service.rb'
- 'spec/requests/nonprofits/direct_debit_details_spec.rb' - 'spec/requests/nonprofits/direct_debit_details_spec.rb'
- 'spec/migration/delete_tag_join_spec.rb' - 'spec/migration/delete_tag_join_spec.rb'

19
spec/cve/cve_2014_2538_spec.rb
View file

@ -1,19 +0,0 @@
# frozen_string_literal: true
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
require 'rails_helper'
require 'rack/ssl'
describe Rack::SSL do
describe '.call' do
it 'invalid uri returns 404' do
def test_invalid_uri_returns_404
# Can't test this with Rack::Test because it fails on the URI before it
# even gets to Rack::SSL. Other webservers will pass this URI through.
ssl = Rack::SSL.new(nil)
resp = ssl.call('PATH_INFO' => 'https://example.org/path/<script>')
expect(resp[0]).to eq 404
end
end
end
end

17
spec/cve/cve_2015_3225_spec.rb
View file

@ -1,17 +0,0 @@
# frozen_string_literal: true
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
require 'rails_helper'
describe Rack::Utils do
describe '.parse_nested_query' do
it 'raise an exception if the params are too deep' do
len = Rack::Utils.param_depth_limit
expect { Rack::Utils.parse_nested_query("foo#{'[a]' * len}=bar") }.to raise_error(RangeError)
expect { Rack::Utils.parse_nested_query("foo#{'[a]' * (len - 1)}=bar") }.to_not raise_error
end
end
end

16
spec/cve/cve_2015_3226_spec.rb
View file

@ -1,16 +0,0 @@
# frozen_string_literal: true
# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
require 'rails_helper'
describe ActiveSupport::JSON::Encoding do
it 'test_hash_keys_encoding' do
# from https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ
ActiveSupport.escape_html_entities_in_json = true
expect(ActiveSupport::JSON.encode('<>' => '<>').downcase).to eq '{"\\u003c\\u003e":"\\u003c\\u003e"}'
ensure
ActiveSupport.escape_html_entities_in_json = false
end
end