diff options
Diffstat (limited to 'spec/lib/gitlab')
-rw-r--r-- | spec/lib/gitlab/http_connection_adapter_spec.rb | 38 | ||||
-rw-r--r-- | spec/lib/gitlab/url_blocker_spec.rb | 64 |
2 files changed, 99 insertions, 3 deletions
diff --git a/spec/lib/gitlab/http_connection_adapter_spec.rb b/spec/lib/gitlab/http_connection_adapter_spec.rb index 8b8097f4885..fac0c1a2a9f 100644 --- a/spec/lib/gitlab/http_connection_adapter_spec.rb +++ b/spec/lib/gitlab/http_connection_adapter_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Gitlab::HTTPConnectionAdapter do +RSpec.describe Gitlab::HTTPConnectionAdapter, feature_category: :shared do include StubRequests let(:uri) { URI('https://example.org') } @@ -111,6 +111,42 @@ RSpec.describe Gitlab::HTTPConnectionAdapter do end end + context 'when proxy is enabled' do + before do + stub_env('http_proxy', 'http://proxy.example.com') + end + + it 'proxy stays configured' do + expect(connection.proxy?).to be true + expect(connection.proxy_from_env?).to be true + expect(connection.proxy_address).to eq('proxy.example.com') + end + + context 'when no_proxy matches the request' do + before do + stub_env('no_proxy', 'example.org') + end + + it 'proxy is disabled' do + expect(connection.proxy?).to be false + expect(connection.proxy_from_env?).to be false + expect(connection.proxy_address).to be nil + end + end + + context 'when no_proxy does not match the request' do + before do + stub_env('no_proxy', 'example.com') + end + + it 'proxy stays configured' do + expect(connection.proxy?).to be true + expect(connection.proxy_from_env?).to be true + expect(connection.proxy_address).to eq('proxy.example.com') + end + end + end + context 'when URL scheme is not HTTP/HTTPS' do let(:uri) { URI('ssh://example.org') } diff --git a/spec/lib/gitlab/url_blocker_spec.rb b/spec/lib/gitlab/url_blocker_spec.rb index 7b6c89b5dd3..7d3060b005e 100644 --- a/spec/lib/gitlab/url_blocker_spec.rb +++ b/spec/lib/gitlab/url_blocker_spec.rb @@ -7,6 +7,9 @@ RSpec.describe Gitlab::UrlBlocker, :stub_invalid_dns_only, feature_category: :sh let(:schemes) { %w[http https] } + # This test ensures backward compatibliity for the validate! method. + # We shoud refactor all callers of validate! to handle a Result object: + # https://gitlab.com/gitlab-org/gitlab/-/issues/410890 describe '#validate!' do let(:options) { { schemes: schemes } } @@ -21,6 +24,36 @@ RSpec.describe Gitlab::UrlBlocker, :stub_invalid_dns_only, feature_category: :sh end end + context 'when the URL hostname is a domain' do + context 'when domain can be resolved' do + let(:import_url) { 'https://example.org' } + + before do + stub_dns(import_url, ip_address: '93.184.216.34') + end + + it_behaves_like 'validates URI and hostname' do + let(:expected_uri) { 'https://93.184.216.34' } + let(:expected_hostname) { 'example.org' } + let(:expected_use_proxy) { false } + end + end + end + end + + describe '#validate_url_with_proxy!' do + let(:options) { { schemes: schemes } } + + subject { described_class.validate_url_with_proxy!(import_url, **options) } + + shared_examples 'validates URI and hostname' do + it 'runs the url validations' do + expect(subject.uri).to eq(Addressable::URI.parse(expected_uri)) + expect(subject.hostname).to eq(expected_hostname) + expect(subject.use_proxy).to eq(expected_use_proxy) + end + end + shared_context 'when instance configured to deny all requests' do before do allow(Gitlab::CurrentSettings).to receive(:current_application_settings?).and_return(true) @@ -94,6 +127,7 @@ RSpec.describe Gitlab::UrlBlocker, :stub_invalid_dns_only, feature_category: :sh it_behaves_like 'validates URI and hostname' do let(:expected_uri) { nil } let(:expected_hostname) { nil } + let(:expected_use_proxy) { true } end it_behaves_like 'a URI exempt from `deny_all_requests_except_allowed`' @@ -109,6 +143,7 @@ RSpec.describe Gitlab::UrlBlocker, :stub_invalid_dns_only, feature_category: :sh it_behaves_like 'validates URI and hostname' do let(:expected_uri) { 'http://127.0.0.1' } let(:expected_hostname) { 'localhost' } + let(:expected_use_proxy) { false } end it_behaves_like 'a URI exempt from `deny_all_requests_except_allowed`' @@ -146,6 +181,7 @@ RSpec.describe Gitlab::UrlBlocker, :stub_invalid_dns_only, feature_category: :sh it_behaves_like 'validates URI and hostname' do let(:expected_uri) { 'http://127.0.0.1:9000/external-diffs/merge_request_diffs/mr-1/diff-1' } let(:expected_hostname) { 'review-minio-svc.svc' } + let(:expected_use_proxy) { false } end it_behaves_like 'a URI exempt from `deny_all_requests_except_allowed`' @@ -157,6 +193,7 @@ RSpec.describe Gitlab::UrlBlocker, :stub_invalid_dns_only, feature_category: :sh it_behaves_like 'validates URI and hostname' do let(:expected_uri) { 'http://127.0.0.1:9000/external-diffs/merge_request_diffs/mr-1/diff-1' } let(:expected_hostname) { nil } + let(:expected_use_proxy) { false } end it_behaves_like 'a URI exempt from `deny_all_requests_except_allowed`' @@ -240,6 +277,7 @@ RSpec.describe Gitlab::UrlBlocker, :stub_invalid_dns_only, feature_category: :sh it_behaves_like 'validates URI and hostname' do let(:expected_uri) { 'https://93.184.216.34' } let(:expected_hostname) { 'example.org' } + let(:expected_use_proxy) { false } end it_behaves_like 'a URI denied by `deny_all_requests_except_allowed`' @@ -260,12 +298,25 @@ RSpec.describe Gitlab::UrlBlocker, :stub_invalid_dns_only, feature_category: :sh let(:import_url) { 'http://foobar.x' } before do - allow(Gitlab).to receive(:http_proxy_env?).and_return(true) + stub_env('http_proxy', 'http://proxy.example.com') end it_behaves_like 'validates URI and hostname' do let(:expected_uri) { import_url } let(:expected_hostname) { nil } + let(:expected_use_proxy) { true } + end + + context 'with no_proxy' do + before do + stub_env('no_proxy', 'foobar.x') + end + + it_behaves_like 'validates URI and hostname' do + let(:expected_uri) { import_url } + let(:expected_hostname) { nil } + let(:expected_use_proxy) { false } + end end end end @@ -285,6 +336,7 @@ RSpec.describe Gitlab::UrlBlocker, :stub_invalid_dns_only, feature_category: :sh it_behaves_like 'validates URI and hostname' do let(:expected_uri) { import_url } let(:expected_hostname) { nil } + let(:expected_use_proxy) { false } end it_behaves_like 'a URI denied by `deny_all_requests_except_allowed`' @@ -312,18 +364,20 @@ RSpec.describe Gitlab::UrlBlocker, :stub_invalid_dns_only, feature_category: :sh it_behaves_like 'validates URI and hostname' do let(:expected_uri) { 'http://192.168.0.120:9121/scrape?target=unix:///var/opt/gitlab/redis/redis.socket&check-keys=*' } let(:expected_hostname) { 'a.192.168.0.120.3times.127.0.0.1.1time.repeat.rebind.network' } + let(:expected_use_proxy) { false } end it_behaves_like 'a URI exempt from `deny_all_requests_except_allowed`' context 'with HTTP_PROXY' do before do - allow(Gitlab).to receive(:http_proxy_env?).and_return(true) + stub_env('http_proxy', 'http://proxy.example.com') end it_behaves_like 'validates URI and hostname' do let(:expected_uri) { import_url } let(:expected_hostname) { nil } + let(:expected_use_proxy) { true } end context 'when domain is in no_proxy env' do @@ -334,6 +388,7 @@ RSpec.describe Gitlab::UrlBlocker, :stub_invalid_dns_only, feature_category: :sh it_behaves_like 'validates URI and hostname' do let(:expected_uri) { 'http://192.168.0.120:9121/scrape?target=unix:///var/opt/gitlab/redis/redis.socket&check-keys=*' } let(:expected_hostname) { 'a.192.168.0.120.3times.127.0.0.1.1time.repeat.rebind.network' } + let(:expected_use_proxy) { false } end end end @@ -348,6 +403,7 @@ RSpec.describe Gitlab::UrlBlocker, :stub_invalid_dns_only, feature_category: :sh it_behaves_like 'validates URI and hostname' do let(:expected_uri) { import_url } let(:expected_hostname) { nil } + let(:expected_use_proxy) { false } end it_behaves_like 'a URI exempt from `deny_all_requests_except_allowed`' @@ -364,6 +420,7 @@ RSpec.describe Gitlab::UrlBlocker, :stub_invalid_dns_only, feature_category: :sh it_behaves_like 'validates URI and hostname' do let(:expected_uri) { import_url } let(:expected_hostname) { nil } + let(:expected_use_proxy) { false } end it_behaves_like 'a URI denied by `deny_all_requests_except_allowed`' @@ -375,6 +432,7 @@ RSpec.describe Gitlab::UrlBlocker, :stub_invalid_dns_only, feature_category: :sh it_behaves_like 'validates URI and hostname' do let(:expected_uri) { import_url } let(:expected_hostname) { nil } + let(:expected_use_proxy) { false } end it_behaves_like 'a URI denied by `deny_all_requests_except_allowed`' @@ -387,6 +445,7 @@ RSpec.describe Gitlab::UrlBlocker, :stub_invalid_dns_only, feature_category: :sh it_behaves_like 'validates URI and hostname' do let(:expected_uri) { import_url } let(:expected_hostname) { nil } + let(:expected_use_proxy) { false } end it_behaves_like 'a URI denied by `deny_all_requests_except_allowed`' @@ -397,6 +456,7 @@ RSpec.describe Gitlab::UrlBlocker, :stub_invalid_dns_only, feature_category: :sh it_behaves_like 'validates URI and hostname' do let(:expected_uri) { import_url } let(:expected_hostname) { nil } + let(:expected_use_proxy) { false } end it_behaves_like 'a URI denied by `deny_all_requests_except_allowed`' |