remote: Use `GetURLAndResolveConfig()`

In `updateRemoteMirror()` use `GetURLAndResolveConfig()` to get the
configPair and modified URL to avoid DNS rebinding. Unfortunately,
because of the structure of the code, the `git.Cmd` is not exposed on
this level, which means the added code is not testable.

1 files changed, 15 insertions, 2 deletions

diff --git a/internal/gitaly/service/remote/update_remote_mirror.go b/internal/gitaly/service/remote/update_remote_mirror.go
index 63cad5be2..eff0189fc 100644
--- a/internal/gitaly/service/remote/update_remote_mirror.go
+++ b/internal/gitaly/service/remote/update_remote_mirror.go
@@ -71,10 +71,23 @@ func (s *server) updateRemoteMirror(stream gitalypb.RemoteService_UpdateRemoteMi
 	}
 	remoteName := "inmemory-" + remoteSuffix
 
-	remoteConfig := []git.ConfigPair{
-		{Key: fmt.Sprintf("remote.%s.url", remoteName), Value: remote.GetUrl()},
+	var remoteConfig []git.ConfigPair
+	remoteURL := remote.GetUrl()
+
+	if resolvedAddress := remote.GetResolvedAddress(); resolvedAddress != "" {
+		modifiedURL, resolveConfig, err := git.GetURLAndResolveConfig(remoteURL, resolvedAddress)
+		if err != nil {
+			return fmt.Errorf("couldn't get curloptResolve config: %w", err)
+		}
+
+		remoteURL = modifiedURL
+		remoteConfig = append(remoteConfig, resolveConfig...)
 	}
 
+	remoteConfig = append(remoteConfig, git.ConfigPair{
+		Key: fmt.Sprintf("remote.%s.url", remoteName), Value: remoteURL,
+	})
+
 	if authHeader := remote.GetHttpAuthorizationHeader(); authHeader != "" {
 		remoteConfig = append(remoteConfig, git.ConfigPair{
 			Key:   fmt.Sprintf("http.%s.extraHeader", remote.GetUrl()),