Make sure we're not treating % as wildcard

In respond to: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/12267

Make sure we're not treating % as wildcard
In respond to: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/12267
b18f5eb6 · Lin Jen-Shin · 3c6a2957 · b18f5eb6 · b18f5eb6
Commit b18f5eb6 authored Jun 20, 2017 by Lin Jen-Shin
Hide whitespace changes
Inline Side-by-side

Showing with 28 additions and 3 deletions

app/models/ee/project.rb app/models/ee/project.rb +5 -3

spec/models/project_ee_spec.rb spec/models/project_ee_spec.rb +23 -0

No files found.
--- a/app/models/ee/project.rb
+++ b/app/models/ee/project.rb
@@ -91,9 +91,10 @@ module EE
      where = <<~SQL
        environment_scope IN (:wildcard, :environment_name) OR
          :environment_name LIKE
-            REPLACE(REPLACE(environment_scope, :wildcard, :percent),
-                    :underscore,
-                    :escaped_underscore)
+            REPLACE(REPLACE(REPLACE(environment_scope,
+                                    :underscore, :escaped_underscore),
+                            :percent, :escaped_percent),
+                    :wildcard, :percent)
      SQL

      order = <<~SQL
@@ -108,6 +109,7 @@ module EE
        wildcard: '*',
        environment_name: environment.name,
        percent: '%',
+        escaped_percent: '\\%',
        underscore: '_',
        escaped_underscore: '\\_'
      }

--- a/spec/models/project_ee_spec.rb
+++ b/spec/models/project_ee_spec.rb
@@ -119,6 +119,29 @@ describe Project, models: true do
        end
      end

+      # The environment name and scope cannot have % at the moment,
+      # but we're considering relaxing it and we should also make sure
+      # it doesn't break in case some data sneaked in somehow as we're
+      # not checking this integrity in database level.
+      context 'when environment scope has %' do
+        before do
+          stub_feature(:variable_environment_scope, true)
+        end
+
+        it 'does not treat it as wildcard' do
+          secret_variable.update_attribute(:environment_scope, '*%*')
+
+          is_expected.not_to contain_exactly(secret_variable)
+        end
+
+        it 'matches literally for _' do
+          secret_variable.update(environment_scope: 'foo%bar/*')
+          environment.update_attribute(:name, 'foo%bar/test')
+
+          is_expected.to contain_exactly(secret_variable)
+        end
+      end
+
      context 'when variables with the same name have different environment scopes' do
        let!(:partially_matched_variable) do
          create(:ci_variable,