Add latest changes from gitlab-org/security/gitlab@15-6-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-11-30 04:50:46 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-11-30 04:50:46 +0000
commit: e6572d41b847c839ce49bc022a8cd1b99216798b (patch)
tree: 419eeffb09aafcd9d5a82e43c823b8cfbf88963e /spec/services/projects
parent: 1f6654659564013b8aa4f3572158cb63d3a519c1 (diff)
download: gitlab-ce-e6572d41b847c839ce49bc022a8cd1b99216798b.tar.gz
1 files changed, 148 insertions, 15 deletions
diff --git a/spec/services/projects/import_service_spec.rb b/spec/services/projects/import_service_spec.rb
index 6dc72948541..b3f8980a7bd 100644
--- a/spec/services/projects/import_service_spec.rb
+++ b/spec/services/projects/import_service_spec.rb
@@ -127,30 +127,67 @@ RSpec.describe Projects::ImportService do
           project.import_type = 'bitbucket'
         end
 
-        it 'succeeds if repository import is successful' do
-          expect(project.repository).to receive(:import_repository).and_return(true)
-          expect_next_instance_of(Gitlab::BitbucketImport::Importer) do |importer|
-            expect(importer).to receive(:execute).and_return(true)
+        context 'when importer supports refmap' do
+          before do
+            project.import_type = 'gitea'
           end
 
-          expect_next_instance_of(Projects::LfsPointers::LfsImportService) do |service|
-            expect(service).to receive(:execute).and_return(status: :success)
+          it 'succeeds if repository fetch as mirror is successful' do
+            expect(project).to receive(:ensure_repository)
+            expect(project.repository).to receive(:fetch_as_mirror).with('https://bitbucket.org/vim/vim.git', refmap: Gitlab::LegacyGithubImport::Importer.refmap, resolved_address: '').and_return(true)
+            expect_next_instance_of(Gitlab::LegacyGithubImport::Importer) do |importer|
+              expect(importer).to receive(:execute).and_return(true)
+            end
+
+            expect_next_instance_of(Projects::LfsPointers::LfsImportService) do |service|
+              expect(service).to receive(:execute).and_return(status: :success)
+            end
+
+            result = subject.execute
+
+            expect(result[:status]).to eq :success
           end
 
-          result = subject.execute
+          it 'fails if repository fetch as mirror fails' do
+            expect(project).to receive(:ensure_repository)
+            expect(project.repository)
+              .to receive(:fetch_as_mirror)
+              .and_raise(Gitlab::Git::CommandError, 'Failed to import the repository /a/b/c')
 
-          expect(result[:status]).to eq :success
+            result = subject.execute
+
+            expect(result[:status]).to eq :error
+            expect(result[:message]).to eq "Error importing repository #{project.safe_import_url} into #{project.full_path} - Failed to import the repository [FILTERED]"
+          end
         end
 
-        it 'fails if repository import fails' do
-          expect(project.repository)
-            .to receive(:import_repository)
-            .and_raise(Gitlab::Git::CommandError, 'Failed to import the repository /a/b/c')
+        context 'when importer does not support refmap' do
+          it 'succeeds if repository import is successful' do
+            expect(project.repository).to receive(:import_repository).and_return(true)
+            expect_next_instance_of(Gitlab::BitbucketImport::Importer) do |importer|
+              expect(importer).to receive(:execute).and_return(true)
+            end
 
-          result = subject.execute
+            expect_next_instance_of(Projects::LfsPointers::LfsImportService) do |service|
+              expect(service).to receive(:execute).and_return(status: :success)
+            end
 
-          expect(result[:status]).to eq :error
-          expect(result[:message]).to eq "Error importing repository #{project.safe_import_url} into #{project.full_path} - Failed to import the repository [FILTERED]"
+            result = subject.execute
+
+            expect(result[:status]).to eq :success
+          end
+
+          it 'fails if repository import fails' do
+            expect(project.repository)
+              .to receive(:import_repository)
+              .with('https://bitbucket.org/vim/vim.git', resolved_address: '')
+              .and_raise(Gitlab::Git::CommandError, 'Failed to import the repository /a/b/c')
+
+            result = subject.execute
+
+            expect(result[:status]).to eq :error
+            expect(result[:message]).to eq "Error importing repository #{project.safe_import_url} into #{project.full_path} - Failed to import the repository [FILTERED]"
+          end
         end
 
         context 'when lfs import fails' do
@@ -287,6 +324,102 @@ RSpec.describe Projects::ImportService do
       end
     end
 
+    context 'when DNS rebind protection is disabled' do
+      before do
+        allow(Gitlab::CurrentSettings).to receive(:dns_rebinding_protection_enabled?).and_return(false)
+        project.import_url = "https://example.com/group/project"
+
+        allow(Gitlab::UrlBlocker).to receive(:validate!)
+          .with(project.import_url, ports: Project::VALID_IMPORT_PORTS, schemes: Project::VALID_IMPORT_PROTOCOLS, dns_rebind_protection: false)
+          .and_return([Addressable::URI.parse("https://example.com/group/project"), nil])
+      end
+
+      it 'imports repository with url without additional resolved address' do
+        expect(project.repository).to receive(:import_repository).with('https://example.com/group/project', resolved_address: '').and_return(true)
+
+        expect_next_instance_of(Projects::LfsPointers::LfsImportService) do |service|
+          expect(service).to receive(:execute).and_return(status: :success)
+        end
+
+        result = subject.execute
+
+        expect(result[:status]).to eq(:success)
+      end
+    end
+
+    context 'when DNS rebind protection is enabled' do
+      before do
+        allow(Gitlab::CurrentSettings).to receive(:http_proxy_env?).and_return(false)
+        allow(Gitlab::CurrentSettings).to receive(:dns_rebinding_protection_enabled?).and_return(true)
+      end
+
+      context 'when https url is provided' do
+        before do
+          project.import_url = "https://example.com/group/project"
+
+          allow(Gitlab::UrlBlocker).to receive(:validate!)
+            .with(project.import_url, ports: Project::VALID_IMPORT_PORTS, schemes: Project::VALID_IMPORT_PROTOCOLS, dns_rebind_protection: true)
+            .and_return([Addressable::URI.parse("https://172.16.123.1/group/project"), 'example.com'])
+        end
+
+        it 'imports repository with url and additional resolved address' do
+          expect(project.repository).to receive(:import_repository).with('https://example.com/group/project', resolved_address: '172.16.123.1').and_return(true)
+
+          expect_next_instance_of(Projects::LfsPointers::LfsImportService) do |service|
+            expect(service).to receive(:execute).and_return(status: :success)
+          end
+
+          result = subject.execute
+
+          expect(result[:status]).to eq(:success)
+        end
+      end
+
+      context 'when http url is provided' do
+        before do
+          project.import_url = "http://example.com/group/project"
+
+          allow(Gitlab::UrlBlocker).to receive(:validate!)
+            .with(project.import_url, ports: Project::VALID_IMPORT_PORTS, schemes: Project::VALID_IMPORT_PROTOCOLS, dns_rebind_protection: true)
+            .and_return([Addressable::URI.parse("http://172.16.123.1/group/project"), 'example.com'])
+        end
+
+        it 'imports repository with url and additional resolved address' do
+          expect(project.repository).to receive(:import_repository).with('http://example.com/group/project', resolved_address: '172.16.123.1').and_return(true)
+
+          expect_next_instance_of(Projects::LfsPointers::LfsImportService) do |service|
+            expect(service).to receive(:execute).and_return(status: :success)
+          end
+
+          result = subject.execute
+
+          expect(result[:status]).to eq(:success)
+        end
+      end
+
+      context 'when git address is provided' do
+        before do
+          project.import_url = "git://example.com/group/project.git"
+
+          allow(Gitlab::UrlBlocker).to receive(:validate!)
+            .with(project.import_url, ports: Project::VALID_IMPORT_PORTS, schemes: Project::VALID_IMPORT_PROTOCOLS, dns_rebind_protection: true)
+            .and_return([Addressable::URI.parse("git://172.16.123.1/group/project"), 'example.com'])
+        end
+
+        it 'imports repository with url and without resolved address' do
+          expect(project.repository).to receive(:import_repository).with('git://example.com/group/project.git', resolved_address: '').and_return(true)
+
+          expect_next_instance_of(Projects::LfsPointers::LfsImportService) do |service|
+            expect(service).to receive(:execute).and_return(status: :success)
+          end
+
+          result = subject.execute
+
+          expect(result[:status]).to eq(:success)
+        end
+      end
+    end
+
     it_behaves_like 'measurable service' do
       let(:base_log_data) do
         {
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-11-30 04:50:46 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-11-30 04:50:46 +0000
commit	e6572d41b847c839ce49bc022a8cd1b99216798b (patch)
tree	419eeffb09aafcd9d5a82e43c823b8cfbf88963e /spec/services/projects
parent	1f6654659564013b8aa4f3572158cb63d3a519c1 (diff)
download	gitlab-ce-e6572d41b847c839ce49bc022a8cd1b99216798b.tar.gz