diff options
author | Douwe Maan <douwe@selenight.nl> | 2019-04-21 12:03:26 +0200 |
---|---|---|
committer | Oswaldo Ferreira <oswaldo@gitlab.com> | 2019-05-30 10:47:31 -0300 |
commit | a9bcddee4c2653cbf2254d893299393e3778e7df (patch) | |
tree | 0c81c5358bce244da7cf9f9f684234a7f4a2dfd0 /spec/requests/api | |
parent | 88241108c4d9807e5c312b11c910b3072bc6f120 (diff) | |
download | gitlab-ce-a9bcddee4c2653cbf2254d893299393e3778e7df.tar.gz |
Protect Gitlab::HTTP against DNS rebinding attack
Gitlab::HTTP now resolves the hostname only once, verifies the IP is not
blocked, and then uses the same IP to perform the actual request, while
passing the original hostname in the `Host` header and SSL SNI field.
Diffstat (limited to 'spec/requests/api')
-rw-r--r-- | spec/requests/api/system_hooks_spec.rb | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/spec/requests/api/system_hooks_spec.rb b/spec/requests/api/system_hooks_spec.rb index b6e8d74c2e9..0e2f3face71 100644 --- a/spec/requests/api/system_hooks_spec.rb +++ b/spec/requests/api/system_hooks_spec.rb @@ -1,12 +1,14 @@ require 'spec_helper' describe API::SystemHooks do + include StubRequests + let(:user) { create(:user) } let(:admin) { create(:admin) } let!(:hook) { create(:system_hook, url: "http://example.com") } before do - stub_request(:post, hook.url) + stub_full_request(hook.url, method: :post) end describe "GET /hooks" do @@ -68,6 +70,8 @@ describe API::SystemHooks do end it 'sets default values for events' do + stub_full_request('http://mep.mep', method: :post) + post api('/hooks', admin), params: { url: 'http://mep.mep' } expect(response).to have_gitlab_http_status(201) @@ -78,6 +82,8 @@ describe API::SystemHooks do end it 'sets explicit values for events' do + stub_full_request('http://mep.mep', method: :post) + post api('/hooks', admin), params: { url: 'http://mep.mep', |