diff options
author | Douwe Maan <douwe@selenight.nl> | 2019-04-21 12:03:26 +0200 |
---|---|---|
committer | Oswaldo Ferreira <oswaldo@gitlab.com> | 2019-05-30 10:47:31 -0300 |
commit | a9bcddee4c2653cbf2254d893299393e3778e7df (patch) | |
tree | 0c81c5358bce244da7cf9f9f684234a7f4a2dfd0 /spec/services/submit_usage_ping_service_spec.rb | |
parent | 88241108c4d9807e5c312b11c910b3072bc6f120 (diff) | |
download | gitlab-ce-a9bcddee4c2653cbf2254d893299393e3778e7df.tar.gz |
Protect Gitlab::HTTP against DNS rebinding attack
Gitlab::HTTP now resolves the hostname only once, verifies the IP is not
blocked, and then uses the same IP to perform the actual request, while
passing the original hostname in the `Host` header and SSL SNI field.
Diffstat (limited to 'spec/services/submit_usage_ping_service_spec.rb')
-rw-r--r-- | spec/services/submit_usage_ping_service_spec.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/spec/services/submit_usage_ping_service_spec.rb b/spec/services/submit_usage_ping_service_spec.rb index 78df9bf96bf..653f17a4324 100644 --- a/spec/services/submit_usage_ping_service_spec.rb +++ b/spec/services/submit_usage_ping_service_spec.rb @@ -3,6 +3,8 @@ require 'spec_helper' describe SubmitUsagePingService do + include StubRequests + context 'when usage ping is disabled' do before do stub_application_setting(usage_ping_enabled: false) @@ -99,7 +101,7 @@ describe SubmitUsagePingService do end def stub_response(body) - stub_request(:post, 'https://version.gitlab.com/usage_data') + stub_full_request('https://version.gitlab.com/usage_data', method: :post) .to_return( headers: { 'Content-Type' => 'application/json' }, body: body.to_json |