Fixed NoMethodError on import from GitHub Enterprise on RFC1918 IP

With allow_local_requests_from_web_hooks_and_services set to false in GitLab settings, an attempt to import from GitHub Enterprise on a local/RFC1918 IP address would have resulted in a NoMethodError. This change fixes that bug to correctly handle, log, and return the error. Changelog: fixed

Fixed NoMethodError on import from GitHub Enterprise on RFC1918 IP
With allow_local_requests_from_web_hooks_and_services set to false in GitLab settings, an attempt to import from GitHub Enterprise on a local/RFC1918 IP address would have resulted in a NoMethodError. This change fixes that bug to correctly handle, log, and return the error. Changelog: fixed
e10c6951 · Colin Barr · Doug Stull · f28991ef · e10c6951 · e10c6951
Commit e10c6951 authored Dec 09, 2021 by Colin Barr Committed by Doug Stull Dec 09, 2021
3 changed files
--- a/app/services/import/github_service.rb
+++ b/app/services/import/github_service.rb
@@ -10,7 +10,7 @@ module Import

    def execute(access_params, provider)
      if blocked_url?
-        return log_and_return_error("Invalid URL: #{url}", :bad_request)
+        return log_and_return_error("Invalid URL: #{url}", _("Invalid URL: %{url}") % { url: url }, :bad_request)
      end

      unless authorized?
@@ -119,6 +119,15 @@ module Import

      error(_('Import failed due to a GitHub error: %{original}') % { original: exception.response_body }, :unprocessable_entity)
    end
+
+    def log_and_return_error(message, translated_message, http_status)
+      Gitlab::GithubImport::Logger.error(
+        message: 'Error while attempting to import from GitHub',
+        error: message
+      )
+
+      error(translated_message, http_status)
+    end
  end
 end


--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -19065,6 +19065,9 @@ msgstr ""
 msgid "Invalid URL"
 msgstr ""

+msgid "Invalid URL: %{url}"
+msgstr ""
+
 msgid "Invalid container_name"
 msgstr ""


--- a/spec/services/import/github_service_spec.rb
+++ b/spec/services/import/github_service_spec.rb
@@ -8,7 +8,7 @@ RSpec.describe Import::GithubService do
  let_it_be(:access_params) { { github_access_token: 'github-complex-token' } }
  let_it_be(:params) { { repo_id: 123, new_name: 'new_repo', target_namespace: 'root' } }

-  let(:subject) { described_class.new(client, user, params) }
+  subject(:github_importer) { described_class.new(client, user, params) }

  before do
    allow(subject).to receive(:authorized?).and_return(true)
@@ -110,6 +110,29 @@ RSpec.describe Import::GithubService do
        end
      end
    end
+
+    context 'when a blocked/local URL is used as github_hostname' do
+      let(:message) { 'Error while attempting to import from GitHub' }
+      let(:error) { "Invalid URL: #{url}" }
+
+      before do
+        stub_application_setting(allow_local_requests_from_web_hooks_and_services: false)
+      end
+
+      where(url: %w[https://localhost https://10.0.0.1])
+
+      with_them do
+        it 'returns and logs an error' do
+          allow(github_importer).to receive(:url).and_return(url)
+
+          expect(Gitlab::Import::Logger).to receive(:error).with({
+                                                                   message: message,
+                                                                   error: error
+                                                                 }).and_call_original
+          expect(github_importer.execute(access_params, :github)).to include(blocked_url_error(url))
+        end
+      end
+    end
  end

  context 'when remove_legacy_github_client feature flag is enabled' do
@@ -135,4 +158,12 @@ RSpec.describe Import::GithubService do
      message: '"repository" size (101 Bytes) is larger than the limit of 100 Bytes.'
    }
  end
+
+  def blocked_url_error(url)
+    {
+      status: :error,
+      http_status: :bad_request,
+      message: "Invalid URL: #{url}"
+    }
+  end
 end