Rename allow_private_networks to allow_local_network

2018-04-02 17:13:47 +02:00 · 2018-04-02 17:13:47 +02:00 · b290d929bc
parent b95918dda8
commit b290d929bc
4 changed files with 12 additions and 14 deletions
--- a/app/validators/importable_url_validator.rb
+++ b/app/validators/importable_url_validator.rb
@ -4,10 +4,8 @@
 # protect against Server-side Request Forgery (SSRF).
 class ImportableUrlValidator < ActiveModel::EachValidator
  def validate_each(record, attribute, value)
-    begin
-      Gitlab::UrlBlocker.validate!(value, valid_ports: Project::VALID_IMPORT_PORTS)
-    rescue Gitlab::UrlBlocker::BlockedUrlError => e
-      record.errors.add(attribute, "is blocked: #{e.message}")
-    end
+    Gitlab::UrlBlocker.validate!(value, valid_ports: Project::VALID_IMPORT_PORTS)
+  rescue Gitlab::UrlBlocker::BlockedUrlError => e
+    record.errors.add(attribute, "is blocked: #{e.message}")
  end
 end
--- a/lib/gitlab/proxy_http_connection_adapter.rb
+++ b/lib/gitlab/proxy_http_connection_adapter.rb
@ -12,7 +12,7 @@ module Gitlab
    def connection
      unless allow_local_requests?
        begin
-          Gitlab::UrlBlocker.validate!(uri, allow_private_networks: false)
+          Gitlab::UrlBlocker.validate!(uri, allow_local_network: false)
        rescue Gitlab::UrlBlocker::BlockedUrlError => e
          raise Gitlab::HTTP::BlockedUrlError, "URL '#{uri}' is blocked: #{e.message}"
        end
--- a/lib/gitlab/url_blocker.rb
+++ b/lib/gitlab/url_blocker.rb
@ -5,7 +5,7 @@ module Gitlab
    BlockedUrlError = Class.new(StandardError)

    class << self
-      def validate!(url, allow_localhost: false, allow_private_networks: true, valid_ports: [])
+      def validate!(url, allow_localhost: false, allow_local_network: true, valid_ports: [])
        return true if url.nil?

        begin
@ -29,7 +29,7 @@ module Gitlab
        end

        validate_localhost!(addrs_info) unless allow_localhost
-        validate_local_network!(addrs_info) unless allow_private_networks
+        validate_local_network!(addrs_info) unless allow_local_network

        true
      end
--- a/spec/lib/gitlab/url_blocker_spec.rb
+++ b/spec/lib/gitlab/url_blocker_spec.rb
@ -74,13 +74,13 @@ describe Gitlab::UrlBlocker do
      expect(described_class.blocked_url?('https://gitlab.com/foo/foo.git')).to be false
    end

-    context 'when allow_private_networks is' do
-      let(:private_networks) { ['192.168.1.2', '10.0.0.2', '172.16.0.2'] }
+    context 'when allow_local_network is' do
+      let(:local_ips) { ['192.168.1.2', '10.0.0.2', '172.16.0.2'] }
      let(:fake_domain) { 'www.fakedomain.fake' }

      context 'true (default)' do
        it 'does not block urls from private networks' do
-          private_networks.each do |ip|
+          local_ips.each do |ip|
            stub_domain_resolv(fake_domain, ip)

            expect(described_class).not_to be_blocked_url("http://#{fake_domain}")
@ -94,14 +94,14 @@ describe Gitlab::UrlBlocker do

      context 'false' do
        it 'blocks urls from private networks' do
-          private_networks.each do |ip|
+          local_ips.each do |ip|
            stub_domain_resolv(fake_domain, ip)

-            expect(described_class).to be_blocked_url("http://#{fake_domain}", allow_private_networks: false)
+            expect(described_class).to be_blocked_url("http://#{fake_domain}", allow_local_network: false)

            unstub_domain_resolv

-            expect(described_class).to be_blocked_url("http://#{ip}", allow_private_networks: false)
+            expect(described_class).to be_blocked_url("http://#{ip}", allow_local_network: false)
          end
        end
      end