author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-03-04 18:36:50 +0000 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-03-04 18:36:50 +0000 |
commit | 03340f0987ac61ef4c884d4730e2fd3cbff113c5 (patch) | |
tree | 6c2fd54002575eaeb700b6979e1214408f77ea64 /spec/lib/gitlab/kubernetes | |
parent | 6412a3e007eef5fa9ee0cdfd288200d4cc2ee06b (diff) | |
parent | af16fd687e2e5b15a63e6e51d76847512ae8ee72 (diff) | |
Merge branch 'security-kubernetes-local-ssrf' into 'master'
Block local URLs for Kubernetes integration
See merge request gitlab/gitlabhq!2901
Diffstat (limited to 'spec/lib/gitlab/kubernetes')
-rw-r--r-- | spec/lib/gitlab/kubernetes/kube_client_spec.rb | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/spec/lib/gitlab/kubernetes/kube_client_spec.rb b/spec/lib/gitlab/kubernetes/kube_client_spec.rb
index 02364e92149..978e64c4407 100644
--- a/spec/lib/gitlab/kubernetes/kube_client_spec.rb
+++ b/spec/lib/gitlab/kubernetes/kube_client_spec.rb
@@ -50,6 +50,36 @@ describe Gitlab::Kubernetes::KubeClient do
 end
 end
+ describe '#initialize' do
+ shared_examples 'local address' do
+ it 'blocks local addresses' do
+ expect { client }.to raise_error(Gitlab::UrlBlocker::BlockedUrlError)
+ end
+
+ context 'when local requests are allowed' do
+ before do
+ stub_application_setting(allow_local_requests_from_hooks_and_services: true)
+ end
+
+ it 'allows local addresses' do
+ expect { client }.not_to raise_error
+ end
+ end
+ end
+
+ context 'localhost address' do
+ let(:api_url) { 'http://localhost:22' }
+
+ it_behaves_like 'local address'
+ end
+
+ context 'private network address' do
+ let(:api_url) { 'http://192.168.1.2:3003' }
+
+ it_behaves_like 'local address'
+ end
+ end
+
 describe '#core_client' do
 subject { client.core_client }
 |
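Review bot: The new `#initialize` examples cover only a hostname (`localhost`) and one RFC 1918 address, so a regression in how the client treats loopback IP literals or the link-local range would pass this spec unnoticed. Two more contexts reusing `it_behaves_like 'local address'` would pin those cases, for example with `let(:api_url) { 'http://127.0.0.1:3003' }` and `let(:api_url) { 'http://169.254.169.254' }`. Whether `Gitlab::UrlBlocker` rejects each of those forms is not visible from this hunk, which is the reason to assert it here. `client` and the default `api_url` are defined outside the hunk, in the enclosing `describe Gitlab::Kubernetes::KubeClient` block, so the `expect { client }` assertions presumably rely on `client` being a lazy `let`; a short comment above the shared examples saying so would help the next reader.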