Maintenance: Add note attribute sanitization to models not yet checked.
This commit is contained in:
parent
5e4084d908
commit
d32ea5e0d3
40 changed files with 106 additions and 4 deletions
|
@ -1,9 +1,13 @@
|
|||
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
||||
|
||||
class Chat < ApplicationModel
|
||||
include ChecksHtmlSanitized
|
||||
|
||||
validates :name, presence: true
|
||||
store :preferences
|
||||
|
||||
sanitized_html :note
|
||||
|
||||
=begin
|
||||
|
||||
get the customer state of a chat
|
||||
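Review bot: `sanitized_html :note` only takes effect on writes that go through the model, so any `note` value already stored for Chat (and for the other models in this commit) stays as it was until the record is saved again; a one-off data migration or rake task that reloads and saves each affected row would close that gap. `ChecksHtmlSanitized` itself is not in this diff, so whether the macro runs as a before-save callback or as part of validation is inferred from its placement next to `validates` and should be confirmed there. The class body of Chat continues past the hunk.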
|
|
|
@ -1,6 +1,7 @@
|
|||
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
||||
|
||||
class EmailAddress < ApplicationModel
|
||||
include ChecksHtmlSanitized
|
||||
include ChecksLatestChangeObserved
|
||||
include HasCollectionUpdate
|
||||
|
||||
|
@ -16,6 +17,8 @@ class EmailAddress < ApplicationModel
|
|||
after_update :update_email_address_id
|
||||
before_destroy :delete_group_reference
|
||||
|
||||
sanitized_html :note
|
||||
|
||||
collection_push_permission('ticket.agent')
|
||||
|
||||
=begin
|
||||
|
|
|
@ -4,6 +4,7 @@ class Group < ApplicationModel
|
|||
include CanBeImported
|
||||
include HasActivityStreamLog
|
||||
include ChecksClientNotification
|
||||
include ChecksHtmlSanitized
|
||||
include ChecksLatestChangeObserved
|
||||
include HasHistory
|
||||
include HasObjectManagerAttributesValidation
|
||||
|
@ -16,5 +17,7 @@ class Group < ApplicationModel
|
|||
|
||||
validates :name, presence: true
|
||||
|
||||
sanitized_html :note
|
||||
|
||||
activity_stream_permission 'admin.group'
|
||||
end
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
||||
|
||||
class History::Object < ApplicationModel
|
||||
include ChecksHtmlSanitized
|
||||
|
||||
sanitized_html :note
|
||||
end
|
||||
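Review bot: History::Object gains `sanitized_html :note` here but no spec in this commit exercises it, and the same holds for Link::Object, Link::Type, Notification, PostmasterFilter, Store::Object and TextModule — the 17 spec files touched cover the other 16 models plus one request spec. Adding `it_behaves_like 'HasXssSanitizedNote', model_factory: :<factory_name>` to each of those model specs (creating the spec file where none exists) would keep the new sanitization under the same coverage as the rest of the change. Where a model has no factory yet, the placeholder factory name has to be defined before the shared example can run.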
|
|
|
@ -3,6 +3,7 @@
|
|||
class Job < ApplicationModel
|
||||
include ChecksClientNotification
|
||||
include ChecksConditionValidation
|
||||
include ChecksHtmlSanitized
|
||||
include ChecksPerformValidation
|
||||
|
||||
include Job::Assets
|
||||
|
@ -15,6 +16,8 @@ class Job < ApplicationModel
|
|||
before_create :updated_matching, :update_next_run_at
|
||||
before_update :updated_matching, :update_next_run_at
|
||||
|
||||
sanitized_html :note
|
||||
|
||||
=begin
|
||||
|
||||
verify each job if needed to run (e. g. if true and times are matching) and execute it
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
||||
|
||||
class Link::Object < ApplicationModel
|
||||
include ChecksHtmlSanitized
|
||||
|
||||
validates :name, presence: true
|
||||
|
||||
sanitized_html :note
|
||||
end
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
||||
|
||||
class Link::Type < ApplicationModel
|
||||
include ChecksHtmlSanitized
|
||||
|
||||
validates :name, presence: true
|
||||
|
||||
sanitized_html :note
|
||||
end
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
class Macro < ApplicationModel
|
||||
include ChecksClientNotification
|
||||
include ChecksHtmlSanitized
|
||||
include ChecksLatestChangeObserved
|
||||
include CanSeed
|
||||
include HasCollectionUpdate
|
||||
|
@ -12,5 +13,7 @@ class Macro < ApplicationModel
|
|||
|
||||
has_and_belongs_to_many :groups, after_add: :cache_update, after_remove: :cache_update, class_name: 'Group'
|
||||
|
||||
sanitized_html :note
|
||||
|
||||
collection_push_permission('ticket.agent')
|
||||
end
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
||||
|
||||
class Notification < ApplicationModel
|
||||
include ChecksHtmlSanitized
|
||||
|
||||
sanitized_html :note
|
||||
end
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
class Permission < ApplicationModel
|
||||
include ChecksClientNotification
|
||||
include ChecksHtmlSanitized
|
||||
include ChecksLatestChangeObserved
|
||||
include HasCollectionUpdate
|
||||
|
||||
|
@ -9,6 +10,8 @@ class Permission < ApplicationModel
|
|||
validates :name, presence: true
|
||||
store :preferences
|
||||
|
||||
sanitized_html :note
|
||||
|
||||
=begin
|
||||
|
||||
permissions = Permission.with_parents('some_key.sub_key')
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
||||
|
||||
class PostmasterFilter < ApplicationModel
|
||||
include ChecksHtmlSanitized
|
||||
|
||||
store :perform
|
||||
store :match
|
||||
validates :name, presence: true
|
||||
|
@ -8,6 +10,8 @@ class PostmasterFilter < ApplicationModel
|
|||
before_create :validate_condition
|
||||
before_update :validate_condition
|
||||
|
||||
sanitized_html :note
|
||||
|
||||
def validate_condition
|
||||
raise Exceptions::UnprocessableEntity, 'Min. one match rule needed!' if match.blank?
|
||||
|
||||
|
|
|
@ -4,6 +4,7 @@ class Role < ApplicationModel
|
|||
include CanBeImported
|
||||
include HasActivityStreamLog
|
||||
include ChecksClientNotification
|
||||
include ChecksHtmlSanitized
|
||||
include ChecksLatestChangeObserved
|
||||
include HasGroups
|
||||
include HasCollectionUpdate
|
||||
|
@ -29,6 +30,8 @@ class Role < ApplicationModel
|
|||
|
||||
activity_stream_permission 'admin.role'
|
||||
|
||||
sanitized_html :note
|
||||
|
||||
=begin
|
||||
|
||||
grant permission to role
|
||||
|
|
|
@ -1,8 +1,12 @@
|
|||
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
||||
|
||||
class Scheduler < ApplicationModel
|
||||
include ChecksHtmlSanitized
|
||||
|
||||
extend ::Mixin::StartFinishLogger
|
||||
|
||||
sanitized_html :note
|
||||
|
||||
# rubocop:disable Style/ClassVars
|
||||
@@jobs_started = {}
|
||||
# rubocop:enable Style/ClassVars
|
||||
|
|
|
@ -8,7 +8,7 @@ class Signature < ApplicationModel
|
|||
has_many :groups, after_add: :cache_update, after_remove: :cache_update
|
||||
validates :name, presence: true
|
||||
|
||||
sanitized_html :body
|
||||
sanitized_html :body, :note
|
||||
|
||||
collection_push_permission('ticket.agent')
|
||||
end
|
||||
|
|
|
@ -2,6 +2,10 @@
|
|||
|
||||
class Store < ApplicationModel
|
||||
class Object < ApplicationModel
|
||||
include ChecksHtmlSanitized
|
||||
|
||||
validates :name, presence: true
|
||||
|
||||
sanitized_html :note
|
||||
end
|
||||
end
|
||||
|
|
|
@ -11,7 +11,7 @@ class TextModule < ApplicationModel
|
|||
before_create :validate_content
|
||||
before_update :validate_content
|
||||
|
||||
sanitized_html :content
|
||||
sanitized_html :content, :note
|
||||
|
||||
csv_delete_possible true
|
||||
|
||||
|
|
|
@ -1,8 +1,11 @@
|
|||
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
||||
|
||||
class Ticket::Article::Sender < ApplicationModel
|
||||
include ChecksHtmlSanitized
|
||||
include ChecksLatestChangeObserved
|
||||
include HasCollectionUpdate
|
||||
|
||||
validates :name, presence: true
|
||||
|
||||
sanitized_html :note
|
||||
end
|
||||
|
|
|
@ -1,8 +1,11 @@
|
|||
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
||||
|
||||
class Ticket::Article::Type < ApplicationModel
|
||||
include ChecksHtmlSanitized
|
||||
include ChecksLatestChangeObserved
|
||||
include HasCollectionUpdate
|
||||
|
||||
validates :name, presence: true
|
||||
|
||||
sanitized_html :note
|
||||
end
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
class Ticket::Priority < ApplicationModel
|
||||
include CanBeImported
|
||||
include ChecksHtmlSanitized
|
||||
include HasCollectionUpdate
|
||||
include HasSearchIndexBackend
|
||||
|
||||
|
@ -12,6 +13,8 @@ class Ticket::Priority < ApplicationModel
|
|||
after_update :ensure_defaults
|
||||
after_destroy :ensure_defaults
|
||||
|
||||
sanitized_html :note
|
||||
|
||||
attr_accessor :callback_loop
|
||||
|
||||
def ensure_defaults
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
class Ticket::State < ApplicationModel
|
||||
include CanBeImported
|
||||
include ChecksHtmlSanitized
|
||||
include ChecksLatestChangeObserved
|
||||
include HasCollectionUpdate
|
||||
include HasSearchIndexBackend
|
||||
|
@ -15,6 +16,8 @@ class Ticket::State < ApplicationModel
|
|||
|
||||
validates :name, presence: true
|
||||
|
||||
sanitized_html :note
|
||||
|
||||
attr_accessor :callback_loop
|
||||
|
||||
=begin
|
||||
|
|
|
@ -2,9 +2,12 @@
|
|||
|
||||
class Ticket::StateType < ApplicationModel
|
||||
include CanBeImported
|
||||
include ChecksHtmlSanitized
|
||||
include ChecksLatestChangeObserved
|
||||
|
||||
has_many :states, class_name: 'Ticket::State', inverse_of: :state_type
|
||||
|
||||
validates :name, presence: true
|
||||
|
||||
sanitized_html :note
|
||||
end
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
class Trigger < ApplicationModel
|
||||
include ChecksConditionValidation
|
||||
include ChecksHtmlSanitized
|
||||
include ChecksPerformValidation
|
||||
include CanSeed
|
||||
|
||||
|
@ -10,4 +11,6 @@ class Trigger < ApplicationModel
|
|||
store :condition
|
||||
store :perform
|
||||
validates :name, presence: true
|
||||
|
||||
sanitized_html :note
|
||||
end
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
class Webhook < ApplicationModel
|
||||
include ChecksClientNotification
|
||||
include ChecksHtmlSanitized
|
||||
include ChecksLatestChangeObserved
|
||||
include HasCollectionUpdate
|
||||
|
||||
|
@ -10,6 +11,8 @@ class Webhook < ApplicationModel
|
|||
validates :name, presence: true
|
||||
validate :validate_endpoint
|
||||
|
||||
sanitized_html :note
|
||||
|
||||
private
|
||||
|
||||
def validate_endpoint
|
||||
|
|
|
@ -1,8 +1,10 @@
|
|||
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
||||
|
||||
require 'rails_helper'
|
||||
require 'models/concerns/has_xss_sanitized_note_examples'
|
||||
|
||||
RSpec.describe Chat, type: :model do
|
||||
it_behaves_like 'HasXssSanitizedNote', model_factory: :chat
|
||||
|
||||
describe 'website whitelisting' do
|
||||
let(:chat) { create(:chat, whitelisted_websites: 'zammad.org') }
|
||||
|
|
|
@ -2,11 +2,13 @@
|
|||
|
||||
require 'rails_helper'
|
||||
require 'models/concerns/has_collection_update_examples'
|
||||
require 'models/concerns/has_xss_sanitized_note_examples'
|
||||
|
||||
RSpec.describe EmailAddress, type: :model do
|
||||
subject(:email_address) { create(:email_address) }
|
||||
|
||||
it_behaves_like 'HasCollectionUpdate', collection_factory: :email_address
|
||||
it_behaves_like 'HasXssSanitizedNote', model_factory: :email_address
|
||||
|
||||
describe 'Attributes:' do
|
||||
describe '#active' do
|
||||
|
|
|
@ -6,6 +6,7 @@ require 'models/concerns/can_be_imported_examples'
|
|||
require 'models/concerns/has_object_manager_attributes_validation_examples'
|
||||
require 'models/concerns/has_collection_update_examples'
|
||||
require 'models/concerns/has_ticket_create_screen_impact_examples'
|
||||
require 'models/concerns/has_xss_sanitized_note_examples'
|
||||
|
||||
RSpec.describe Group, type: :model do
|
||||
it_behaves_like 'ApplicationModel'
|
||||
|
@ -13,4 +14,5 @@ RSpec.describe Group, type: :model do
|
|||
it_behaves_like 'HasObjectManagerAttributesValidation'
|
||||
it_behaves_like 'HasCollectionUpdate', collection_factory: :group
|
||||
it_behaves_like 'HasTicketCreateScreenImpact', create_screen_factory: :group
|
||||
it_behaves_like 'HasXssSanitizedNote', model_factory: :group
|
||||
end
|
||||
|
|
|
@ -2,11 +2,13 @@
|
|||
|
||||
require 'rails_helper'
|
||||
require 'models/application_model_examples'
|
||||
require 'models/concerns/has_xss_sanitized_note_examples'
|
||||
|
||||
RSpec.describe Job, type: :model do
|
||||
subject(:job) { create(:job) }
|
||||
|
||||
it_behaves_like 'ApplicationModel', can_assets: { selectors: %i[condition perform] }
|
||||
it_behaves_like 'HasXssSanitizedNote', model_factory: :job
|
||||
|
||||
describe 'Class methods:' do
|
||||
describe '.run' do
|
||||
|
|
|
@ -2,7 +2,9 @@
|
|||
|
||||
require 'rails_helper'
|
||||
require 'models/concerns/has_collection_update_examples'
|
||||
require 'models/concerns/has_xss_sanitized_note_examples'
|
||||
|
||||
RSpec.describe Macro, type: :model do
|
||||
it_behaves_like 'HasCollectionUpdate', collection_factory: :macro
|
||||
it_behaves_like 'HasXssSanitizedNote', model_factory: :macro
|
||||
end
|
||||
|
|
|
@ -2,9 +2,11 @@
|
|||
|
||||
require 'rails_helper'
|
||||
require 'models/concerns/has_collection_update_examples'
|
||||
require 'models/concerns/has_xss_sanitized_note_examples'
|
||||
|
||||
RSpec.describe Permission, type: :model do
|
||||
it_behaves_like 'HasCollectionUpdate', collection_factory: :permission
|
||||
it_behaves_like 'HasXssSanitizedNote', model_factory: :permission
|
||||
|
||||
describe '.with_parents' do
|
||||
context 'when given a simple string (no dots)' do
|
||||
|
|
|
@ -6,6 +6,7 @@ require 'models/concerns/can_be_imported_examples'
|
|||
require 'models/concerns/has_groups_examples'
|
||||
require 'models/concerns/has_collection_update_examples'
|
||||
require 'models/concerns/has_ticket_create_screen_impact_examples'
|
||||
require 'models/concerns/has_xss_sanitized_note_examples'
|
||||
|
||||
RSpec.describe Role do
|
||||
subject(:role) { create(:role) }
|
||||
|
@ -15,6 +16,7 @@ RSpec.describe Role do
|
|||
it_behaves_like 'HasGroups', group_access_factory: :role
|
||||
it_behaves_like 'HasCollectionUpdate', collection_factory: :role
|
||||
it_behaves_like 'HasTicketCreateScreenImpact', create_screen_factory: :role
|
||||
it_behaves_like 'HasXssSanitizedNote', model_factory: :role
|
||||
|
||||
describe 'Default state' do
|
||||
describe 'of whole table:' do
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
||||
|
||||
require 'rails_helper'
|
||||
require 'models/concerns/has_xss_sanitized_note_examples'
|
||||
|
||||
RSpec.describe Scheduler do
|
||||
|
||||
let(:test_backend_name) { 'SpecSpace::DelayedJobBackend' }
|
||||
let(:test_backend_class) do
|
||||
Class.new do
|
||||
def self.start
|
||||
|
@ -22,11 +22,14 @@ RSpec.describe Scheduler do
|
|||
end
|
||||
end
|
||||
end
|
||||
let(:test_backend_name) { 'SpecSpace::DelayedJobBackend' }
|
||||
|
||||
before do
|
||||
stub_const test_backend_name, test_backend_class
|
||||
end
|
||||
|
||||
it_behaves_like 'HasXssSanitizedNote', model_factory: :scheduler
|
||||
|
||||
describe '.failed_jobs' do
|
||||
|
||||
it 'does list failed jobs' do
|
||||
|
|
|
@ -2,7 +2,9 @@
|
|||
|
||||
require 'rails_helper'
|
||||
require 'models/concerns/has_collection_update_examples'
|
||||
require 'models/concerns/has_xss_sanitized_note_examples'
|
||||
|
||||
RSpec.describe Signature, type: :model do
|
||||
it_behaves_like 'HasCollectionUpdate', collection_factory: :signature
|
||||
it_behaves_like 'HasXssSanitizedNote', model_factory: :signature
|
||||
end
|
||||
|
|
|
@ -2,7 +2,9 @@
|
|||
|
||||
require 'rails_helper'
|
||||
require 'models/concerns/has_collection_update_examples'
|
||||
require 'models/concerns/has_xss_sanitized_note_examples'
|
||||
|
||||
RSpec.describe Ticket::Article::Sender, type: :model do
|
||||
it_behaves_like 'HasCollectionUpdate', collection_factory: :ticket_article_sender
|
||||
it_behaves_like 'HasXssSanitizedNote', model_factory: :ticket_article_sender
|
||||
end
|
||||
|
|
|
@ -2,7 +2,9 @@
|
|||
|
||||
require 'rails_helper'
|
||||
require 'models/concerns/has_collection_update_examples'
|
||||
require 'models/concerns/has_xss_sanitized_note_examples'
|
||||
|
||||
RSpec.describe Ticket::Article::Type, type: :model do
|
||||
it_behaves_like 'HasCollectionUpdate', collection_factory: :ticket_article_type
|
||||
it_behaves_like 'HasXssSanitizedNote', model_factory: :ticket_article_type
|
||||
end
|
||||
|
|
|
@ -4,11 +4,13 @@ require 'rails_helper'
|
|||
require 'models/application_model_examples'
|
||||
require 'models/concerns/can_be_imported_examples'
|
||||
require 'models/concerns/has_collection_update_examples'
|
||||
require 'models/concerns/has_xss_sanitized_note_examples'
|
||||
|
||||
RSpec.describe Ticket::Priority, type: :model do
|
||||
it_behaves_like 'ApplicationModel'
|
||||
it_behaves_like 'CanBeImported'
|
||||
it_behaves_like 'HasCollectionUpdate', collection_factory: :ticket_priority
|
||||
it_behaves_like 'HasXssSanitizedNote', model_factory: :ticket_priority
|
||||
|
||||
describe 'Default state' do
|
||||
describe 'of whole table:' do
|
||||
|
|
|
@ -4,11 +4,13 @@ require 'rails_helper'
|
|||
require 'models/application_model_examples'
|
||||
require 'models/concerns/can_be_imported_examples'
|
||||
require 'models/concerns/has_collection_update_examples'
|
||||
require 'models/concerns/has_xss_sanitized_note_examples'
|
||||
|
||||
RSpec.describe Ticket::State, type: :model do
|
||||
it_behaves_like 'ApplicationModel'
|
||||
it_behaves_like 'CanBeImported'
|
||||
it_behaves_like 'HasCollectionUpdate', collection_factory: :ticket_state
|
||||
it_behaves_like 'HasXssSanitizedNote', model_factory: :ticket_state
|
||||
|
||||
describe 'Default state' do
|
||||
describe 'of whole table:' do
|
||||
|
|
|
@ -3,8 +3,10 @@
|
|||
require 'rails_helper'
|
||||
require 'models/application_model_examples'
|
||||
require 'models/concerns/can_be_imported_examples'
|
||||
require 'models/concerns/has_xss_sanitized_note_examples'
|
||||
|
||||
RSpec.describe Ticket::StateType, type: :model do
|
||||
it_behaves_like 'ApplicationModel'
|
||||
it_behaves_like 'CanBeImported'
|
||||
it_behaves_like 'HasXssSanitizedNote', model_factory: :'ticket/state_type'
|
||||
end
|
||||
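Review bot: The factory reference `:'ticket/state_type'` on the `it_behaves_like` line differs in form from the other specs in this commit, which pass underscore names such as `:ticket_state` and `:ticket_priority`. If an alias like `:ticket_state_type` exists, `it_behaves_like 'HasXssSanitizedNote', model_factory: :ticket_state_type` would read consistently with its siblings; if not, a short comment noting that the slash form is the only defined factory name would save the next reader a lookup.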
|
|
|
@ -2,11 +2,13 @@
|
|||
|
||||
require 'rails_helper'
|
||||
require 'models/application_model_examples'
|
||||
require 'models/concerns/has_xss_sanitized_note_examples'
|
||||
|
||||
RSpec.describe Trigger, type: :model do
|
||||
subject(:trigger) { create(:trigger, condition: condition, perform: perform) }
|
||||
|
||||
it_behaves_like 'ApplicationModel', can_assets: { selectors: %i[condition perform] }
|
||||
it_behaves_like 'HasXssSanitizedNote', model_factory: :trigger
|
||||
|
||||
describe 'validation' do
|
||||
|
||||
|
|
|
@ -1,9 +1,12 @@
|
|||
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
||||
|
||||
require 'rails_helper'
|
||||
require 'models/concerns/has_xss_sanitized_note_examples'
|
||||
|
||||
RSpec.describe Webhook, type: :model do
|
||||
|
||||
it_behaves_like 'HasXssSanitizedNote', model_factory: :webhook
|
||||
|
||||
describe 'check endpoint' do
|
||||
subject(:webhook) { build(:webhook, endpoint: endpoint) }
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
|
||||
|
||||
require 'rails_helper'
|
||||
require 'byebug'
|
||||
|
||||
RSpec.describe 'Text Module', type: :request do
|
||||
|
||||
|
|