diff options
author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-08-29 21:34:17 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-08-29 21:34:17 +0000 |
commit | 7d6ec7f7ed19b9093e8ea604d7f024a1e84a847e (patch) | |
tree | ff0d0aed1ff61666a7db1b50077772a26748fec2 /spec | |
parent | b01c7ad291a81bc23d2c3fe7266eaf05de6cb434 (diff) | |
parent | 492a7e753d0ef06458163aecc5ca43892a5acc73 (diff) | |
download | gitlab-ce-7d6ec7f7ed19b9093e8ea604d7f024a1e84a847e.tar.gz |
Merge branch 'security-fix_jira_ssrf_vulnerability' into 'master'
Fix DNS rebind vulnerability for JIRA integration
See merge request gitlab/gitlabhq!3266
Diffstat (limited to 'spec')
-rw-r--r-- | spec/controllers/projects/services_controller_spec.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/spec/controllers/projects/services_controller_spec.rb b/spec/controllers/projects/services_controller_spec.rb index 563b61962cf..180d997a8e8 100644 --- a/spec/controllers/projects/services_controller_spec.rb +++ b/spec/controllers/projects/services_controller_spec.rb @@ -11,6 +11,7 @@ describe Projects::ServicesController do before do sign_in(user) project.add_maintainer(user) + allow(Gitlab::UrlBlocker).to receive(:validate!).and_return([URI.parse('http://example.com'), nil]) end describe '#test' do @@ -56,6 +57,8 @@ describe Projects::ServicesController do stub_request(:get, 'http://example.com/rest/api/2/serverInfo') .to_return(status: 200, body: '{}') + expect(Gitlab::HTTP).to receive(:get).with("/rest/api/2/serverInfo", any_args).and_call_original + put :test, params: { namespace_id: project.namespace, project_id: project, id: service.to_param, service: service_params } expect(response.status).to eq(200) @@ -66,6 +69,8 @@ describe Projects::ServicesController do stub_request(:get, 'http://example.com/rest/api/2/serverInfo') .to_return(status: 200, body: '{}') + expect(Gitlab::HTTP).to receive(:get).with("/rest/api/2/serverInfo", any_args).and_call_original + put :test, params: { namespace_id: project.namespace, project_id: project, id: service.to_param, service: service_params } expect(response.status).to eq(200) |