Maintenance: Improve handling of XSS timeouts in tests.

2022-01-31 16:34:33 +01:00 · 2022-01-31 16:34:33 +01:00 · b40ca87b2a
parent f79e8c72cd
commit b40ca87b2a
3 changed files with 17 additions and 0 deletions
--- a/spec/models/concerns/has_xss_sanitized_note_examples.rb
+++ b/spec/models/concerns/has_xss_sanitized_note_examples.rb
@ -5,6 +5,11 @@ RSpec.shared_examples 'HasXssSanitizedNote' do |model_factory:|
    context 'with injected JS' do
      subject { create(model_factory, note: 'test 123 <script type="text/javascript">alert("XSS!");</script> <b>some text</b>') }

+      before do
+        # XSS processing may run into a timeout on slow CI systems, so turn the timeout off for the test.
+        stub_const("#{HtmlSanitizer}::PROCESSING_TIMEOUT", nil)
+      end
+
      it 'strips out <script> tag with content' do
        expect(subject.note).to eq('test 123  <b>some text</b>')
      end
--- a/spec/models/ticket/article_spec.rb
+++ b/spec/models/ticket/article_spec.rb
@ -85,6 +85,11 @@ RSpec.describe Ticket::Article, type: :model do
    describe 'XSS protection:' do
      subject(:article) { create(:ticket_article, body: body, content_type: 'text/html') }

+      before do
+        # XSS processing may run into a timeout on slow CI systems, so turn the timeout off for the test.
+        stub_const("#{HtmlSanitizer}::PROCESSING_TIMEOUT", nil)
+      end
+
      context 'when body contains only injected JS' do
        let(:body) { <<~RAW.chomp }
          <script type="text/javascript">alert("XSS!");</script> some other text
--- a/test/unit/html_sanitizer_test.rb
+++ b/test/unit/html_sanitizer_test.rb
@ -4,6 +4,11 @@ require 'test_helper'

 class HtmlSanitizerTest < ActiveSupport::TestCase

+  processing_timeout = HtmlSanitizer.const_get(:PROCESSING_TIMEOUT)
+
+  # XSS processing may run into a timeout on slow CI systems, so turn the timeout off for the test.
+  HtmlSanitizer.const_set(:PROCESSING_TIMEOUT, nil)
+
  test 'xss' do
    assert_equal(HtmlSanitizer.strict('<b>123</b>'), '<b>123</b>')
    assert_equal(HtmlSanitizer.strict('<script><b>123</b></script>'), '')
@ -153,4 +158,6 @@ test 123

    assert_equal(HtmlSanitizer.strict('<a href="mailto:testäöü@example.com" id="123">test</a>'), '<a href="mailto:test%C3%A4%C3%B6%C3%BC@example.com">test</a>')
  end
+
+  HtmlSanitizer.const_set(:PROCESSING_TIMEOUT, processing_timeout)
 end