[misc] apply review feedback

- move setting into clsi.docker namespace - rename the variable for images to allowedImages / ALLOWED_IMAGES - add an additional check for the image name into the DockerRunner Co-Authored-By: Brian Gough <brian.gough@overleaf.com>
2020-06-30 12:00:18 +01:00
parent 6edb458910
commit ee0e8066d3
8 changed files with 96 additions and 19 deletions
--- a/test/unit/js/CompileControllerTests.js
+++ b/test/unit/js/CompileControllerTests.js
@@ -306,9 +306,10 @@ describe('CompileController', function() {
        .should.equal(true)
    })

-    describe('when allowedImageNamesFlat is set', function() {
+    describe('when allowedImages is set', function() {
      beforeEach(function() {
-        this.Settings.allowedImageNamesFlat = [
+        this.Settings.clsi = { docker: {} }
+        this.Settings.clsi.docker.allowedImages = [
          'repo/image:tag1',
          'repo/image:tag2'
        ]
--- a/test/unit/js/DockerRunnerTests.js
+++ b/test/unit/js/DockerRunnerTests.js
@@ -273,7 +273,7 @@ describe('DockerRunner', function() {
      })
    })

-    return describe('with image override', function() {
+    describe('with image override', function() {
      beforeEach(function() {
        this.Settings.texliveImageNameOveride = 'overrideimage.com/something'
        this.DockerRunner._runAndWaitForContainer = sinon
@@ -296,6 +296,62 @@ describe('DockerRunner', function() {
        return image.should.equal('overrideimage.com/something/image:2016.2')
      })
    })
+
+    describe('with image restriction', function() {
+      beforeEach(function() {
+        this.Settings.clsi.docker.allowedImages = [
+          'repo/image:tag1',
+          'repo/image:tag2'
+        ]
+        this.DockerRunner._runAndWaitForContainer = sinon
+          .stub()
+          .callsArgWith(3, null, (this.output = 'mock-output'))
+      })
+
+      describe('with a valid image', function() {
+        beforeEach(function() {
+          this.DockerRunner.run(
+            this.project_id,
+            this.command,
+            this.directory,
+            'repo/image:tag1',
+            this.timeout,
+            this.env,
+            this.compileGroup,
+            this.callback
+          )
+        })
+
+        it('should setup the container', function() {
+          this.DockerRunner._getContainerOptions.called.should.equal(true)
+        })
+      })
+
+      describe('with a invalid image', function() {
+        beforeEach(function() {
+          this.DockerRunner.run(
+            this.project_id,
+            this.command,
+            this.directory,
+            'something/different:evil',
+            this.timeout,
+            this.env,
+            this.compileGroup,
+            this.callback
+          )
+        })
+
+        it('should call the callback with an error', function() {
+          const err = new Error('image not allowed')
+          this.callback.called.should.equal(true)
+          this.callback.args[0][0].message.should.equal(err.message)
+        })
+
+        it('should not setup the container', function() {
+          this.DockerRunner._getContainerOptions.called.should.equal(false)
+        })
+      })
+    })
  })

  describe('run with _getOptions', function() {
--- a/test/unit/js/RequestParserTests.js
+++ b/test/unit/js/RequestParserTests.js
@@ -116,7 +116,11 @@ describe('RequestParser', function() {

  describe('when image restrictions are present', function() {
    beforeEach(function() {
-      this.settings.allowedImageNamesFlat = ['repo/name:tag1', 'repo/name:tag2']
+      this.settings.clsi = { docker: {} }
+      this.settings.clsi.docker.allowedImages = [
+        'repo/name:tag1',
+        'repo/name:tag2'
+      ]
    })

    describe('with imageName set to something invalid', function() {