authorThong Kuah <tkuah@gitlab.com>2019-07-24 22:39:40 +1200
committerDouglas Barbosa Alexandre <dbalexandre@gmail.com>2019-07-29 19:20:30 -0300
commitd6a7408fd319749b9cd47690f03720d1a5c088ca (patch)
tree97fc6230a007aadf679b686a9fe9d8fedbd59897
parent46ef495488d46932b18353739342d503288e0eea (diff)
downloadgitlab-ce-d6a7408fd319749b9cd47690f03720d1a5c088ca.tar.gz
Explicitly reject non http(s) schemes
Rather than relying on NoMethodError deep inside faraday
-rw-r--r--lib/container_registry/client.rb5
-rw-r--r--spec/lib/container_registry/blob_spec.rb19
2 files changed, 22 insertions, 2 deletions
diff --git a/lib/container_registry/client.rb b/lib/container_registry/client.rb
index c3a19af7a94..82810ea4076 100644
--- a/lib/container_registry/client.rb
+++ b/lib/container_registry/client.rb
@@ -82,7 +82,10 @@ module ContainerRegistry
def redirect_response(location)
return unless location
- faraday_redirect.get(location)
+ uri = URI(@base_uri).merge(location)
+ raise ArgumentError, "Invalid scheme for #{location}" unless %w[http https].include?(uri.scheme)
+
+ faraday_redirect.get(uri)
end
def faraday
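Review bot: The new guard in `redirect_response` validates only the scheme, so `faraday_redirect.get(uri)` is still sent to whatever host the registry's `Location` value names, including internal or link-local addresses reachable over http(s). If the project has an outbound-URL validator for requests influenced by remote input, it should be applied to `uri` before the `get`. Otherwise the gap should at least be recorded next to the check, e.g. `# NOTE: only the scheme is validated; the redirect host is not restricted`. The `ArgumentError` message also interpolates the raw `location`, which comes from the remote response, so it is worth confirming that callers do not log or render it unescaped.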
diff --git a/spec/lib/container_registry/blob_spec.rb b/spec/lib/container_registry/blob_spec.rb
index ec5addc7c68..be7be2f3719 100644
--- a/spec/lib/container_registry/blob_spec.rb
+++ b/spec/lib/container_registry/blob_spec.rb
@@ -112,11 +112,28 @@ describe ContainerRegistry::Blob do
end
end
+ context 'for a relative address' do
+ before do
+ stub_request(:get, 'http://registry.gitlab/relative')
+ .with { |request| !request.headers.include?('Authorization') }
+ .to_return(
+ status: 200,
+ headers: { 'Content-Type' => 'application/json' },
+ body: '{"key":"value"}')
+ end
+
+ let(:location) { '/relative' }
+
+ it 'returns correct data' do
+ expect(blob.data).to eq '{"key":"value"}'
+ end
+ end
+
context 'for invalid file' do
let(:location) { 'file:///etc/passwd' }
it 'raises an error' do
- expect { blob.data }.to raise_error(NoMethodError, %q{undefined method `request_uri' for #<URI::File file:///etc/passwd>})
+ expect { blob.data }.to raise_error(ArgumentError, 'Invalid scheme for file:///etc/passwd')
end
end
end
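Review bot: The spec pins the `file:` case and the relative case, but nothing covers a `Location` that does not parse at all. With the new code such a value would presumably raise `URI::InvalidURIError` from `URI(@base_uri).merge(location)`, before the scheme check is reached, rather than the `ArgumentError` tested here. A third context would make that behaviour explicit, for example `let(:location) { 'http://registry gitlab/blob' }` with `expect { blob.data }.to raise_error(URI::InvalidURIError)`. Whether that class or `ArgumentError` is the intended contract is a design choice the client should settle. The `blob` and base-URI setup these contexts rely on sits outside the hunk.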