diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-11-13 18:13:52 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-11-13 18:13:52 +0300 |
commit | 191f3b52a9e0caa72f4e6f7224f0830ba3976d59 (patch) | |
tree | a65aa3f913284ca1cddba74fd9673261b899f031 /gems | |
parent | df592d51aeadc1b566abb600e283341876a8f064 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'gems')
-rw-r--r-- | gems/gitlab-http/lib/gitlab/http_v2/url_blocker.rb | 9 | ||||
-rw-r--r-- | gems/gitlab-http/spec/gitlab/http_v2/url_blocker_spec.rb | 13 |
2 files changed, 20 insertions, 2 deletions
diff --git a/gems/gitlab-http/lib/gitlab/http_v2/url_blocker.rb b/gems/gitlab-http/lib/gitlab/http_v2/url_blocker.rb index 878daf42d8a..99876c77953 100644 --- a/gems/gitlab-http/lib/gitlab/http_v2/url_blocker.rb +++ b/gems/gitlab-http/lib/gitlab/http_v2/url_blocker.rb @@ -7,6 +7,7 @@ require_relative 'url_allowlist' module Gitlab module HTTP_V2 class UrlBlocker + GETADDRINFO_TIMEOUT_SECONDS = 15 BlockedUrlError = Class.new(StandardError) HTTP_PROXY_ENV_VARS = %w[http_proxy https_proxy HTTP_PROXY HTTPS_PROXY].freeze @@ -192,9 +193,13 @@ module Gitlab # # @return [Array<Addrinfo>] def get_address_info(uri) - Addrinfo.getaddrinfo(uri.hostname, get_port(uri), nil, :STREAM).map do |addr| - addr.ipv6_v4mapped? ? addr.ipv6_to_ipv4 : addr + Timeout.timeout(GETADDRINFO_TIMEOUT_SECONDS) do + Addrinfo.getaddrinfo(uri.hostname, get_port(uri), nil, :STREAM).map do |addr| + addr.ipv6_v4mapped? ? addr.ipv6_to_ipv4 : addr + end end + rescue Timeout::Error => e + raise Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError, e.message rescue ArgumentError => e # Addrinfo.getaddrinfo errors if the domain exceeds 1024 characters. raise unless e.message.include?('hostname too long') diff --git a/gems/gitlab-http/spec/gitlab/http_v2/url_blocker_spec.rb b/gems/gitlab-http/spec/gitlab/http_v2/url_blocker_spec.rb index e47098e6f74..904fed9baef 100644 --- a/gems/gitlab-http/spec/gitlab/http_v2/url_blocker_spec.rb +++ b/gems/gitlab-http/spec/gitlab/http_v2/url_blocker_spec.rb @@ -214,6 +214,19 @@ RSpec.describe Gitlab::HTTP_V2::UrlBlocker, :stub_invalid_dns_only, feature_cate end end + context 'when resolving runs into a timeout' do + let(:import_url) { 'http://example.com' } + + before do + stub_const("#{described_class}::GETADDRINFO_TIMEOUT_SECONDS", 1) + allow(Addrinfo).to receive(:getaddrinfo) { sleep 2 } + end + + it 'raises an error due to DNS timeout' do + expect { subject }.to raise_error(Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError, "execution expired") + end + end + context 'when the URL hostname is a domain' do context 'when domain can be resolved' do let(:import_url) { 'https://example.org' } |