spec/lib/gitlab/url_blockers/ip_whitelist_entry_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe Gitlab::UrlBlockers::IpWhitelistEntry do
  let(:ipv4) { IPAddr.new('192.168.1.1') }

  describe '#initialize' do
    it 'initializes without port' do
      ip_whitelist_entry = described_class.new(ipv4)

      expect(ip_whitelist_entry.ip).to eq(ipv4)
      expect(ip_whitelist_entry.port).to be(nil)
    end

    it 'initializes with port' do
      port = 8080
      ip_whitelist_entry = described_class.new(ipv4, port: port)

      expect(ip_whitelist_entry.ip).to eq(ipv4)
      expect(ip_whitelist_entry.port).to eq(port)
    end
  end

  describe '#match?' do
    it 'matches with equivalent IP and port' do
      port = 8080
      ip_whitelist_entry = described_class.new(ipv4, port: port)

      expect(ip_whitelist_entry).to be_match(ipv4.to_s, port)
    end

    it 'matches any port when port is nil' do
      ip_whitelist_entry = described_class.new(ipv4)

      expect(ip_whitelist_entry).to be_match(ipv4.to_s, 8080)
      expect(ip_whitelist_entry).to be_match(ipv4.to_s, 9090)
    end

    it 'does not match when port is present but requested_port is nil' do
      ip_whitelist_entry = described_class.new(ipv4, port: 8080)

      expect(ip_whitelist_entry).not_to be_match(ipv4.to_s, nil)
    end

    it 'matches when port and requested_port are nil' do
      ip_whitelist_entry = described_class.new(ipv4)

      expect(ip_whitelist_entry).to be_match(ipv4.to_s)
    end

    it 'works with ipv6' do
      ipv6 = IPAddr.new('fe80::c800:eff:fe74:8')
      ip_whitelist_entry = described_class.new(ipv6)

      expect(ip_whitelist_entry).to be_match(ipv6.to_s, 8080)
    end

    it 'matches ipv4 within IPv4 range' do
      ipv4_range = IPAddr.new('127.0.0.0/28')
      ip_whitelist_entry = described_class.new(ipv4_range)

      expect(ip_whitelist_entry).to be_match(ipv4_range.to_range.last.to_s, 8080)
      expect(ip_whitelist_entry).not_to be_match('127.0.1.1', 8080)
    end

    it 'matches IPv6 within IPv6 range' do
      ipv6_range = IPAddr.new('fd84:6d02:f6d8:c89e::/124')
      ip_whitelist_entry = described_class.new(ipv6_range)

      expect(ip_whitelist_entry).to be_match(ipv6_range.to_range.last.to_s, 8080)
      expect(ip_whitelist_entry).not_to be_match('fd84:6d02:f6d8:f::f', 8080)
    end
  end
end