diff options
author | Oswaldo Ferreira <oswaldo@gitlab.com> | 2019-05-29 19:43:07 +0300 |
---|---|---|
committer | Oswaldo Ferreira <oswaldo@gitlab.com> | 2019-05-30 16:47:57 +0300 |
commit | a1a0f8e6b017f57060bc94d14fd4d37d8756e47d (patch) | |
tree | 46f1eab56183e4e285d33795102c0e51a3967b9a /spec/lib/gitlab/url_blocker_spec.rb | |
parent | a9bcddee4c2653cbf2254d893299393e3778e7df (diff) |
Add DNS rebinding protection settings
Diffstat (limited to 'spec/lib/gitlab/url_blocker_spec.rb')
-rw-r--r-- | spec/lib/gitlab/url_blocker_spec.rb | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/spec/lib/gitlab/url_blocker_spec.rb b/spec/lib/gitlab/url_blocker_spec.rb index 416f8cfece9..253366e0789 100644 --- a/spec/lib/gitlab/url_blocker_spec.rb +++ b/spec/lib/gitlab/url_blocker_spec.rb @@ -46,6 +46,41 @@ describe Gitlab::UrlBlocker do expect(hostname).to be(nil) end end + + context 'disabled DNS rebinding protection' do + context 'when URI is internal' do + let(:import_url) { 'http://localhost' } + + it 'returns URI and no hostname' do + uri, hostname = described_class.validate!(import_url, dns_rebind_protection: false) + + expect(uri).to eq(Addressable::URI.parse('http://localhost')) + expect(hostname).to be(nil) + end + end + + context 'when the URL hostname is a domain' do + let(:import_url) { 'https://example.org' } + + it 'returns URI and no hostname' do + uri, hostname = described_class.validate!(import_url, dns_rebind_protection: false) + + expect(uri).to eq(Addressable::URI.parse('https://example.org')) + expect(hostname).to eq(nil) + end + end + + context 'when the URL hostname is an IP address' do + let(:import_url) { 'https://93.184.216.34' } + + it 'returns URI and no hostname' do + uri, hostname = described_class.validate!(import_url, dns_rebind_protection: false) + + expect(uri).to eq(Addressable::URI.parse('https://93.184.216.34')) + expect(hostname).to be(nil) + end + end + end end describe '#blocked_url?' do |