diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-09-20 14:18:08 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-09-20 14:18:08 +0300 |
| commit | 5afcbe03ead9ada87621888a31a62652b10a7e4f (patch) | |
| tree | 9918b67a0d0f0bafa6542e839a8be37adf73102d /gems/gitlab-http/spec/gitlab/http_v2/new_connection_adapter_spec.rb | |
| parent | c97c0201564848c1f53226fe19d71fdcc472f7d0 (diff) | |
Add latest changes from gitlab-org/gitlab@16-4-stable-eev16.4.0-rc42
Diffstat (limited to 'gems/gitlab-http/spec/gitlab/http_v2/new_connection_adapter_spec.rb')
| -rw-r--r-- | gems/gitlab-http/spec/gitlab/http_v2/new_connection_adapter_spec.rb | 157 |
1 files changed, 157 insertions, 0 deletions
diff --git a/gems/gitlab-http/spec/gitlab/http_v2/new_connection_adapter_spec.rb b/gems/gitlab-http/spec/gitlab/http_v2/new_connection_adapter_spec.rb new file mode 100644 index 00000000000..852bafc5557 --- /dev/null +++ b/gems/gitlab-http/spec/gitlab/http_v2/new_connection_adapter_spec.rb @@ -0,0 +1,157 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::HTTP_V2::NewConnectionAdapter, feature_category: :shared do + let(:uri) { URI('https://example.org') } + let(:options) { {} } + + subject(:connection) { described_class.new(uri, options).connection } + + describe '#connection' do + before do + stub_all_dns('https://example.org', ip_address: '93.184.216.34') + end + + context 'when local requests are allowed' do + let(:options) { { allow_local_requests: true } } + + it 'sets up the connection' do + expect(connection).to be_a(Gitlab::HTTP_V2::NetHttpAdapter) + expect(connection.address).to eq('93.184.216.34') + expect(connection.hostname_override).to eq('example.org') + expect(connection.addr_port).to eq('example.org') + expect(connection.port).to eq(443) + end + end + + context 'when local requests are not allowed' do + let(:options) { { allow_local_requests: false } } + + it 'sets up the connection' do + expect(connection).to be_a(Gitlab::HTTP_V2::NetHttpAdapter) + expect(connection.address).to eq('93.184.216.34') + expect(connection.hostname_override).to eq('example.org') + expect(connection.addr_port).to eq('example.org') + expect(connection.port).to eq(443) + end + + context 'when it is a request to local network' do + let(:uri) { URI('http://172.16.0.0/12') } + + it 'raises error' do + expect { subject }.to raise_error( + Gitlab::HTTP_V2::BlockedUrlError, + "URL is blocked: Requests to the local network are not allowed" + ) + end + + context 'when local request allowed' do + let(:options) { { allow_local_requests: true } } + + it 'sets up the connection' do + expect(connection).to be_a(Gitlab::HTTP_V2::NetHttpAdapter) + expect(connection.address).to eq('172.16.0.0') + expect(connection.hostname_override).to be(nil) + expect(connection.addr_port).to eq('172.16.0.0') + expect(connection.port).to eq(80) + end + end + end + + context 'when it is a request to local address' do + let(:uri) { URI('http://127.0.0.1') } + + it 'raises error' do + expect { subject }.to raise_error( + Gitlab::HTTP_V2::BlockedUrlError, + "URL is blocked: Requests to localhost are not allowed" + ) + end + + context 'when local request allowed' do + let(:options) { { allow_local_requests: true } } + + it 'sets up the connection' do + expect(connection).to be_a(Gitlab::HTTP_V2::NetHttpAdapter) + expect(connection.address).to eq('127.0.0.1') + expect(connection.hostname_override).to be(nil) + expect(connection.addr_port).to eq('127.0.0.1') + expect(connection.port).to eq(80) + end + end + end + + context 'when port different from URL scheme is used' do + let(:uri) { URI('https://example.org:8080') } + + it 'sets up the addr_port accordingly' do + expect(connection).to be_a(Gitlab::HTTP_V2::NetHttpAdapter) + expect(connection.address).to eq('93.184.216.34') + expect(connection.hostname_override).to eq('example.org') + expect(connection.addr_port).to eq('example.org:8080') + expect(connection.port).to eq(8080) + end + end + end + + context 'when DNS rebinding protection is disabled' do + let(:options) { { dns_rebinding_protection_enabled: false } } + + it 'sets up the connection' do + expect(connection).to be_a(Gitlab::HTTP_V2::NetHttpAdapter) + expect(connection.address).to eq('example.org') + expect(connection.hostname_override).to eq(nil) + expect(connection.addr_port).to eq('example.org') + expect(connection.port).to eq(443) + end + end + + context 'when proxy is enabled' do + before do + stub_env('http_proxy', 'http://proxy.example.com') + end + + it 'proxy stays configured' do + expect(connection.proxy?).to be true + expect(connection.proxy_from_env?).to be true + expect(connection.proxy_address).to eq('proxy.example.com') + end + + context 'when no_proxy matches the request' do + before do + stub_env('no_proxy', 'example.org') + end + + it 'proxy is disabled' do + expect(connection.proxy?).to be false + expect(connection.proxy_from_env?).to be false + expect(connection.proxy_address).to be nil + end + end + + context 'when no_proxy does not match the request' do + before do + stub_env('no_proxy', 'example.com') + end + + it 'proxy stays configured' do + expect(connection.proxy?).to be true + expect(connection.proxy_from_env?).to be true + expect(connection.proxy_address).to eq('proxy.example.com') + end + end + end + + context 'when URL scheme is not HTTP/HTTPS' do + let(:uri) { URI('ssh://example.org') } + + it 'raises error' do + expect { subject }.to raise_error( + Gitlab::HTTP_V2::BlockedUrlError, + "URL is blocked: Only allowed schemes are http, https" + ) + end + end + end +end |