Skip to content

Check git error msgs to avoid false positives

What does this MR do?

This verifies the error message returned when a push is rejected because of push rules. This ensures that the tests pass because the expected error occurred and not because of some unrelated error.

Specifically, one test expects pushes to be rejected unless commits use a verified email. The error the push returned was:

You are not allowed to push code to protected branches on this project.

And yet the test still passed.

The error should be:

You cannot push commits for 'user@example.com'. You can only push commits that were committed with one of your own verified emails.

  • The test also used a GPG key unnecessarily. The push rule is about verified emails, not GPG-signed commits.
  • This MR also adds brackets for consistency with other code.
  • And moves some repeated checks to a single separate test, for the sake of efficiency (no need to do the same check in every test when the setup doesn't change)

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Mark Lapierre

Merge request reports

Loading