diff options
author | Hordur Freyr Yngvason <hfyngvason@gitlab.com> | 2019-09-27 13:35:37 +0200 |
---|---|---|
committer | Hordur Freyr Yngvason <hfyngvason@gitlab.com> | 2019-11-21 10:09:57 -0500 |
commit | 729040717e887d33f776497eaefb8b8530dbe130 (patch) | |
tree | 5408aea2e573a7cd12b615031bb5b241952580ab /spec/initializers/rest-client-hostname_override_spec.rb | |
parent | b5ad06174bb1de39438c90847abb86ac6988e944 (diff) | |
download | gitlab-ce-729040717e887d33f776497eaefb8b8530dbe130.tar.gz |
Use Gitlab::HTTP for all chat notifications
Diffstat (limited to 'spec/initializers/rest-client-hostname_override_spec.rb')
-rw-r--r-- | spec/initializers/rest-client-hostname_override_spec.rb | 145 |
1 files changed, 5 insertions, 140 deletions
diff --git a/spec/initializers/rest-client-hostname_override_spec.rb b/spec/initializers/rest-client-hostname_override_spec.rb index 90a0305c9a9..7e36656ba1c 100644 --- a/spec/initializers/rest-client-hostname_override_spec.rb +++ b/spec/initializers/rest-client-hostname_override_spec.rb @@ -3,147 +3,12 @@ require 'spec_helper' describe 'rest-client dns rebinding protection' do - include StubRequests + it_behaves_like 'a request using Gitlab::UrlBlocker' do + let(:http_method) { :get } + let(:url_blocked_error_class) { ArgumentError } - context 'when local requests are not allowed' do - it 'allows an external request with http' do - request_stub = stub_full_request('http://example.com', ip_address: '93.184.216.34') - - RestClient.get('http://example.com/') - - expect(request_stub).to have_been_requested - end - - it 'allows an external request with https' do - request_stub = stub_full_request('https://example.com', ip_address: '93.184.216.34') - - RestClient.get('https://example.com/') - - expect(request_stub).to have_been_requested - end - - it 'raises error when it is a request that resolves to a local address' do - stub_full_request('https://example.com', ip_address: '172.16.0.0') - - expect { RestClient.get('https://example.com') } - .to raise_error(ArgumentError, - "URL 'https://example.com' is blocked: Requests to the local network are not allowed") - end - - it 'raises error when it is a request that resolves to a localhost address' do - stub_full_request('https://example.com', ip_address: '127.0.0.1') - - expect { RestClient.get('https://example.com') } - .to raise_error(ArgumentError, - "URL 'https://example.com' is blocked: Requests to localhost are not allowed") - end - - it 'raises error when it is a request to local address' do - expect { RestClient.get('http://172.16.0.0') } - .to raise_error(ArgumentError, - "URL 'http://172.16.0.0' is blocked: Requests to the local network are not allowed") - end - - it 'raises error when it is a request to localhost address' do - expect { RestClient.get('http://127.0.0.1') } - .to raise_error(ArgumentError, - "URL 'http://127.0.0.1' is blocked: Requests to localhost are not allowed") - end - end - - context 'when port different from URL scheme is used' do - it 'allows the request' do - request_stub = stub_full_request('https://example.com:8080', ip_address: '93.184.216.34') - - RestClient.get('https://example.com:8080/') - - expect(request_stub).to have_been_requested - end - - it 'raises error when it is a request to local address' do - expect { RestClient.get('https://172.16.0.0:8080') } - .to raise_error(ArgumentError, - "URL 'https://172.16.0.0:8080' is blocked: Requests to the local network are not allowed") - end - - it 'raises error when it is a request to localhost address' do - expect { RestClient.get('https://127.0.0.1:8080') } - .to raise_error(ArgumentError, - "URL 'https://127.0.0.1:8080' is blocked: Requests to localhost are not allowed") - end - end - - context 'when DNS rebinding protection is disabled' do - before do - stub_application_setting(dns_rebinding_protection_enabled: false) - end - - it 'allows the request' do - request_stub = stub_request(:get, 'https://example.com') - - RestClient.get('https://example.com/') - - expect(request_stub).to have_been_requested - end - end - - context 'when http(s) proxy environment variable is set' do - before do - stub_env('https_proxy' => 'https://my.proxy') - end - - it 'allows the request' do - request_stub = stub_request(:get, 'https://example.com') - - RestClient.get('https://example.com/') - - expect(request_stub).to have_been_requested - end - end - - context 'when local requests are allowed' do - before do - stub_application_setting(allow_local_requests_from_web_hooks_and_services: true) - end - - it 'allows an external request' do - request_stub = stub_full_request('https://example.com', ip_address: '93.184.216.34') - - RestClient.get('https://example.com/') - - expect(request_stub).to have_been_requested - end - - it 'allows an external request that resolves to a local address' do - request_stub = stub_full_request('https://example.com', ip_address: '172.16.0.0') - - RestClient.get('https://example.com/') - - expect(request_stub).to have_been_requested - end - - it 'allows an external request that resolves to a localhost address' do - request_stub = stub_full_request('https://example.com', ip_address: '127.0.0.1') - - RestClient.get('https://example.com/') - - expect(request_stub).to have_been_requested - end - - it 'allows a local address request' do - request_stub = stub_request(:get, 'http://172.16.0.0') - - RestClient.get('http://172.16.0.0') - - expect(request_stub).to have_been_requested - end - - it 'allows a localhost address request' do - request_stub = stub_request(:get, 'http://127.0.0.1') - - RestClient.get('http://127.0.0.1') - - expect(request_stub).to have_been_requested + def make_request(uri) + RestClient.get(uri) end end end |