diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-09 18:07:59 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-09 18:07:59 +0000 |
commit | 7ebcead8cfd2edb810dd0cbda816b6cfbd170fe3 (patch) | |
tree | 11880c4059c89149cf997e9b958fb6d32c7dbdad /spec/lib/gitlab/url_blocker_spec.rb | |
parent | f1a40d0db939dfe8ff95d385e652ff72566be765 (diff) | |
download | gitlab-ce-7ebcead8cfd2edb810dd0cbda816b6cfbd170fe3.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/lib/gitlab/url_blocker_spec.rb')
-rw-r--r-- | spec/lib/gitlab/url_blocker_spec.rb | 66 |
1 files changed, 11 insertions, 55 deletions
diff --git a/spec/lib/gitlab/url_blocker_spec.rb b/spec/lib/gitlab/url_blocker_spec.rb index 97859c82e9e..f8bfcc6c99a 100644 --- a/spec/lib/gitlab/url_blocker_spec.rb +++ b/spec/lib/gitlab/url_blocker_spec.rb @@ -501,64 +501,20 @@ describe Gitlab::UrlBlocker, :stub_invalid_dns_only do it_behaves_like 'dns rebinding checks' end end - - context 'with ip ranges in whitelist' do - let(:ipv4_range) { '127.0.0.0/28' } - let(:ipv6_range) { 'fd84:6d02:f6d8:c89e::/124' } - - let(:whitelist) do - [ - ipv4_range, - ipv6_range - ] - end - - it 'blocks ipv4 range when not in whitelist' do - stub_application_setting(outbound_local_requests_whitelist: []) - - IPAddr.new(ipv4_range).to_range.to_a.each do |ip| - expect(described_class).to be_blocked_url("http://#{ip}", - url_blocker_attributes) - end - end - - it 'allows all ipv4s in the range when in whitelist' do - IPAddr.new(ipv4_range).to_range.to_a.each do |ip| - expect(described_class).not_to be_blocked_url("http://#{ip}", - url_blocker_attributes) - end - end - - it 'blocks ipv6 range when not in whitelist' do - stub_application_setting(outbound_local_requests_whitelist: []) - - IPAddr.new(ipv6_range).to_range.to_a.each do |ip| - expect(described_class).to be_blocked_url("http://[#{ip}]", - url_blocker_attributes) - end - end - - it 'allows all ipv6s in the range when in whitelist' do - IPAddr.new(ipv6_range).to_range.to_a.each do |ip| - expect(described_class).not_to be_blocked_url("http://[#{ip}]", - url_blocker_attributes) - end - end - - it 'blocks IPs outside the range' do - expect(described_class).to be_blocked_url("http://[fd84:6d02:f6d8:c89e:0:0:1:f]", - url_blocker_attributes) - - expect(described_class).to be_blocked_url("http://127.0.1.15", - url_blocker_attributes) - end - end end end - def stub_domain_resolv(domain, ip, &block) - address = double(ip_address: ip, ipv4_private?: true, ipv6_link_local?: false, ipv4_loopback?: false, ipv6_loopback?: false, ipv4?: false) - allow(Addrinfo).to receive(:getaddrinfo).with(domain, any_args).and_return([address]) + def stub_domain_resolv(domain, ip, port = 80, &block) + address = instance_double(Addrinfo, + ip_address: ip, + ipv4_private?: true, + ipv6_linklocal?: false, + ipv4_loopback?: false, + ipv6_loopback?: false, + ipv4?: false, + ip_port: port + ) + allow(Addrinfo).to receive(:getaddrinfo).with(domain, port, any_args).and_return([address]) allow(address).to receive(:ipv6_v4mapped?).and_return(false) yield |