diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-02-01 09:01:19 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-02-01 09:01:47 +0000 |
commit | 8d628223c41aabc9d42af95cce1193becffa1b0f (patch) | |
tree | 9e352a20e7179861431cd7cfc3c45fe5d87bfb49 /spec/lib | |
parent | 33844e18d2b83dec384549802e4efb20ae964223 (diff) | |
download | gitlab-ce-8d628223c41aabc9d42af95cce1193becffa1b0f.tar.gz |
Add latest changes from gitlab-org/security/gitlab@13-8-stable-ee
Diffstat (limited to 'spec/lib')
-rw-r--r-- | spec/lib/gitlab/url_blocker_spec.rb | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/spec/lib/gitlab/url_blocker_spec.rb b/spec/lib/gitlab/url_blocker_spec.rb index f466d117851..686382dc262 100644 --- a/spec/lib/gitlab/url_blocker_spec.rb +++ b/spec/lib/gitlab/url_blocker_spec.rb @@ -91,6 +91,21 @@ RSpec.describe Gitlab::UrlBlocker, :stub_invalid_dns_only do end end + context 'DNS rebinding protection with IP allowed' do + let(:import_url) { 'http://a.192.168.0.120.3times.127.0.0.1.1time.repeat.rebind.network:9121/scrape?target=unix:///var/opt/gitlab/redis/redis.socket&check-keys=*' } + + before do + stub_dns(import_url, ip_address: '192.168.0.120') + + allow(Gitlab::UrlBlockers::UrlAllowlist).to receive(:ip_allowed?).and_return(true) + end + + it_behaves_like 'validates URI and hostname' do + let(:expected_uri) { 'http://192.168.0.120:9121/scrape?target=unix:///var/opt/gitlab/redis/redis.socket&check-keys=*' } + let(:expected_hostname) { 'a.192.168.0.120.3times.127.0.0.1.1time.repeat.rebind.network' } + end + end + context 'disabled DNS rebinding protection' do subject { described_class.validate!(import_url, dns_rebind_protection: false) } |