Master broken related to tracing and sanitizing
Job #196646764 failed for c1badc81:
1) Geo::RepositoryDeletedEventStore#create! behaves like a Geo event store when running on a primary node when file subject is not on local store creates an event
# No file subject defined, skipping
# ./ee/spec/support/shared_examples/geo_event_store_shared_examples.rb:36
Failures:
1) ProjectTracingSetting#external_url sanitizes the url
Failure/Error: expect(tracing_setting.external_url).to eq("https://replaceme.com/'>")
expected: "https://replaceme.com/'>"
got: "https://replaceme.com/'>alert(document.cookie)"
(compared using ==)
# ./ee/spec/models/project_tracing_setting_spec.rb:32:in `block (3 levels) in <top (required)>'
Finished in 23 minutes 1 second (files took 17.48 seconds to load)
1168 examples, 1 failure, 1 pending
Job #196645856 failed for 87355319:
1) projects/settings/operations/show Operations > Tracing with project.tracing_external_url with malicious external_url sanitizes external_url
Failure/Error: expect(rendered).to have_link('Tracing', href: cleaned_url)
expected to find visible link "Tracing" but there were no matches. Also found "\nTracing\n\n\n", which matched the selector but not all filters.
# ./ee/spec/views/projects/settings/operations/show.html.haml_spec.rb:46:in `block (5 levels) in <top (required)>'
2) SanitizeTracingExternalUrl#up correctly sanitizes project_tracing_settings external_url
Failure/Error: expect(project_tracing_settings.order(:id).pluck(:external_url)).to match_array([cleaned_url, valid_url])
expected collection contained: ["https://replaceme.com/", "https://replaceme.com/'>"]
actual collection contained: ["https://replaceme.com/", "https://replaceme.com/'>alert(document.cookie)"]
the missing elements were: ["https://replaceme.com/'>"]
the extra elements were: ["https://replaceme.com/'>alert(document.cookie)"]
# ./ee/spec/migrations/sanitize_tracing_external_url_spec.rb:29:in `block (3 levels) in <top (required)>'
Edited by Lin Jen-Shin