rpms / rh-ruby22-ruby

Clone
Source Code
GIT

Blame SOURCES/rubygems-2.2.4-Limit-API-endpoint-to-original-security-domain.patch

c7
  1.   b54141fdffccd4e3fc97495da71f96e17e59b0e8
  2.   SOURCES
  3.   rubygems-2.2.4-Limit-API-endpoint-to-original-security-domain.patch
Blob History Raw
b54141 
From 6bbee35fd6daed045103f3122490a588d97c066a Mon Sep 17 00:00:00 2001
b54141 
From: Evan Phoenix <evan@phx.io>
b54141 
Date: Thu, 14 May 2015 14:53:35 -0700
b54141 
Subject: [PATCH] Limit API endpoint to original security domain
b54141
b54141 
Conflicts:
b54141 
	lib/rubygems/remote_fetcher.rb
b54141
b54141 
Conflicts:
b54141 
	test/rubygems/test_gem_remote_fetcher.rb
b54141 
---
b54141 
 lib/rubygems/remote_fetcher.rb           |  8 +++++++-
b54141 
 test/rubygems/test_gem_remote_fetcher.rb | 18 ++++++++++++++++--
b54141 
 2 files changed, 23 insertions(+), 3 deletions(-)
b54141
b54141 
diff --git a/lib/rubygems/remote_fetcher.rb b/lib/rubygems/remote_fetcher.rb
b54141 
index da1febb..ec78e5f 100644
b54141 
--- a/lib/rubygems/remote_fetcher.rb
b54141 
+++ b/lib/rubygems/remote_fetcher.rb
b54141 
@@ -94,7 +94,13 @@ def api_endpoint(uri)
b54141 
     rescue Resolv::ResolvError
b54141 
       uri
b54141 
     else
b54141 
-      URI.parse "#{uri.scheme}://#{res.target}#{uri.path}"
b54141 
+      target = res.target.to_s.strip
b54141 
+
b54141 
+      if /#{host}\z/ =~ target
b54141 
+        return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
b54141 
+      end
b54141 
+
b54141 
+      uri
b54141 
     end
b54141 
   end
b54141
b54141 
diff --git a/test/rubygems/test_gem_remote_fetcher.rb b/test/rubygems/test_gem_remote_fetcher.rb
b54141 
index 883e1bd..a590dca 100644
b54141 
--- a/test/rubygems/test_gem_remote_fetcher.rb
b54141 
+++ b/test/rubygems/test_gem_remote_fetcher.rb
b54141 
@@ -167,6 +167,21 @@ def test_no_proxy
b54141 
   end
b54141
b54141 
   def test_api_endpoint
b54141 
+    uri = URI.parse "http://example.com/foo"
b54141 
+    target = MiniTest::Mock.new
b54141 
+    target.expect :target, "gems.example.com"
b54141 
+
b54141 
+    dns = MiniTest::Mock.new
b54141 
+    dns.expect :getresource, target, [String, Object]
b54141 
+
b54141 
+    fetch = Gem::RemoteFetcher.new nil, dns
b54141 
+    assert_equal URI.parse("http://gems.example.com/foo"), fetch.api_endpoint(uri)
b54141 
+
b54141 
+    target.verify
b54141 
+    dns.verify
b54141 
+  end
b54141 
+
b54141 
+  def test_api_endpoint_ignores_trans_domain_values
b54141 
     uri = URI.parse "http://gems.example.com/foo"
b54141 
     target = MiniTest::Mock.new
b54141 
     target.expect :target, "blah.com"
b54141 
@@ -175,8 +190,7 @@ def test_api_endpoint
b54141 
     dns.expect :getresource, target, [String, Object]
b54141
b54141 
     fetch = Gem::RemoteFetcher.new nil, dns
b54141 
-    @fetcher = fetcher
b54141 
-    assert_equal URI.parse("http://blah.com/foo"), fetch.api_endpoint(uri)
b54141 
+    assert_equal URI.parse("http://gems.example.com/foo"), fetch.api_endpoint(uri)
b54141
b54141 
     target.verify
b54141 
     dns.verify

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation