Remove outdated cve specs

2021-02-25 13:02:34 -06:00 · 2021-02-25 13:02:34 -06:00 · 1048ef6593
commit 1048ef6593
parent 5495f6574a
4 changed files with 0 additions and 56 deletions
--- a/.rubocop.yml
+++ b/.rubocop.yml
@ -662,9 +662,6 @@ AllCops:
    - 'spec/controllers/super_admins_spec.rb'
    - 'spec/controllers/recurring_donations_spec.rb'
    - 'spec/controllers/events_spec.rb'
-    - 'spec/cve/cve_2015_3226_spec.rb'
-    - 'spec/cve/cve_2014_2538_spec.rb'
-    - 'spec/cve/cve_2015_3225_spec.rb'
    - 'spec/support/contexts.rb'
    - 'spec/support/factory_bot.rb'
    - 'spec/support/mock_helpers.rb'
@ -672,7 +669,6 @@ AllCops:
    - 'spec/support/contexts/shared_donation_charge_context.rb'
    - 'spec/support/contexts/general_shared_user_context.rb'
    - 'spec/support/payments_for_a_payout.rb'
-    - 'spec/support/expect.rb'
    - 'spec/support/test_upload_service.rb'
    - 'spec/requests/nonprofits/direct_debit_details_spec.rb'
    - 'spec/migration/delete_tag_join_spec.rb'
--- a/spec/cve/cve_2014_2538_spec.rb
+++ b/spec/cve/cve_2014_2538_spec.rb
@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
-# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
-require 'rails_helper'
-require 'rack/ssl'
-describe Rack::SSL do
-  describe '.call' do
-    it 'invalid uri returns 404' do
-      def test_invalid_uri_returns_404
-        # Can't test this with Rack::Test because it fails on the URI before it
-        # even gets to Rack::SSL. Other webservers will pass this URI through.
-        ssl  = Rack::SSL.new(nil)
-        resp = ssl.call('PATH_INFO' => 'https://example.org/path/<script>')
-        expect(resp[0]).to eq 404
-      end
-    end
-  end
-end
--- a/spec/cve/cve_2015_3225_spec.rb
+++ b/spec/cve/cve_2015_3225_spec.rb
@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
-# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
-require 'rails_helper'
-
-describe Rack::Utils do
-  describe '.parse_nested_query' do
-    it 'raise an exception if the params are too deep' do
-      len = Rack::Utils.param_depth_limit
-
-      expect { Rack::Utils.parse_nested_query("foo#{'[a]' * len}=bar") }.to raise_error(RangeError)
-
-      expect { Rack::Utils.parse_nested_query("foo#{'[a]' * (len - 1)}=bar") }.to_not raise_error
-    end
-  end
-end
--- a/spec/cve/cve_2015_3226_spec.rb
+++ b/spec/cve/cve_2015_3226_spec.rb
@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
-# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
-require 'rails_helper'
-
-describe ActiveSupport::JSON::Encoding do
-  it 'test_hash_keys_encoding' do
-    # from https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ
-
-    ActiveSupport.escape_html_entities_in_json = true
-    expect(ActiveSupport::JSON.encode('<>' => '<>').downcase).to eq '{"\\u003c\\u003e":"\\u003c\\u003e"}'
-  ensure
-    ActiveSupport.escape_html_entities_in_json = false
-  end
-end