Commit 27a6901a authored by rpereira2's avatar rpereira2

Move some whitelist specs to url_whitelist_spec

UrlBlocker calls UrlWhitelist methods, so url_whitelist_spec is the
right place for specs which check for the correct behavior of the
UrlWhitelist methods.
parent 2665e40c
...@@ -501,58 +501,6 @@ describe Gitlab::UrlBlocker, :stub_invalid_dns_only do ...@@ -501,58 +501,6 @@ describe Gitlab::UrlBlocker, :stub_invalid_dns_only do
it_behaves_like 'dns rebinding checks' it_behaves_like 'dns rebinding checks'
end end
end end
context 'with ip ranges in whitelist' do
let(:ipv4_range) { '127.0.0.0/28' }
let(:ipv6_range) { 'fd84:6d02:f6d8:c89e::/124' }
let(:whitelist) do
[
ipv4_range,
ipv6_range
]
end
it 'blocks ipv4 range when not in whitelist' do
stub_application_setting(outbound_local_requests_whitelist: [])
IPAddr.new(ipv4_range).to_range.to_a.each do |ip|
expect(described_class).to be_blocked_url("http://#{ip}",
url_blocker_attributes)
end
end
it 'allows all ipv4s in the range when in whitelist' do
IPAddr.new(ipv4_range).to_range.to_a.each do |ip|
expect(described_class).not_to be_blocked_url("http://#{ip}",
url_blocker_attributes)
end
end
it 'blocks ipv6 range when not in whitelist' do
stub_application_setting(outbound_local_requests_whitelist: [])
IPAddr.new(ipv6_range).to_range.to_a.each do |ip|
expect(described_class).to be_blocked_url("http://[#{ip}]",
url_blocker_attributes)
end
end
it 'allows all ipv6s in the range when in whitelist' do
IPAddr.new(ipv6_range).to_range.to_a.each do |ip|
expect(described_class).not_to be_blocked_url("http://[#{ip}]",
url_blocker_attributes)
end
end
it 'blocks IPs outside the range' do
expect(described_class).to be_blocked_url("http://[fd84:6d02:f6d8:c89e:0:0:1:f]",
url_blocker_attributes)
expect(described_class).to be_blocked_url("http://127.0.1.15",
url_blocker_attributes)
end
end
end end
end end
......
...@@ -68,5 +68,51 @@ describe Gitlab::UrlBlockers::UrlWhitelist do ...@@ -68,5 +68,51 @@ describe Gitlab::UrlBlockers::UrlWhitelist do
it 'returns false when ip is blank' do it 'returns false when ip is blank' do
expect(described_class).not_to be_ip_whitelisted(nil) expect(described_class).not_to be_ip_whitelisted(nil)
end end
context 'with ip ranges in whitelist' do
let(:ipv4_range) { '127.0.0.0/28' }
let(:ipv6_range) { 'fd84:6d02:f6d8:c89e::/124' }
let(:whitelist) do
[
ipv4_range,
ipv6_range
]
end
it 'does not whitelist ipv4 range when not in whitelist' do
stub_application_setting(outbound_local_requests_whitelist: [])
IPAddr.new(ipv4_range).to_range.to_a.each do |ip|
expect(described_class).not_to be_ip_whitelisted(ip.to_s)
end
end
it 'whitelists all ipv4s in the range when in whitelist' do
IPAddr.new(ipv4_range).to_range.to_a.each do |ip|
expect(described_class).to be_ip_whitelisted(ip.to_s)
end
end
it 'does not whitelist ipv6 range when not in whitelist' do
stub_application_setting(outbound_local_requests_whitelist: [])
IPAddr.new(ipv6_range).to_range.to_a.each do |ip|
expect(described_class).not_to be_ip_whitelisted(ip.to_s)
end
end
it 'whitelists all ipv6s in the range when in whitelist' do
IPAddr.new(ipv6_range).to_range.to_a.each do |ip|
expect(described_class).to be_ip_whitelisted(ip.to_s)
end
end
it 'does not whitelist IPs outside the range' do
expect(described_class).not_to be_ip_whitelisted("fd84:6d02:f6d8:c89e:0:0:1:f")
expect(described_class).not_to be_ip_whitelisted("127.0.1.15")
end
end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment