|
 |
b54141 |
From 5c7bfb5c05202b4db971dd672d88a42298a0d84e Mon Sep 17 00:00:00 2001
|
|
|
b54141 |
From: Evan Phoenix <evan@phx.io>
|
|
|
b54141 |
Date: Mon, 18 May 2015 13:42:34 -0700
|
|
|
b54141 |
Subject: [PATCH] Fix API endpoint domain clamping
|
|
|
b54141 |
|
|
|
b54141 |
---
|
|
|
b54141 |
lib/rubygems/remote_fetcher.rb | 2 +-
|
|
|
b54141 |
test/rubygems/test_gem_remote_fetcher.rb | 30 ++++++++++++++++++++++++++++++
|
|
|
b54141 |
2 files changed, 31 insertions(+), 1 deletion(-)
|
|
|
b54141 |
|
|
|
b54141 |
diff --git a/lib/rubygems/remote_fetcher.rb b/lib/rubygems/remote_fetcher.rb
|
|
|
b54141 |
index ec78e5f..3f107a3 100644
|
|
|
b54141 |
--- a/lib/rubygems/remote_fetcher.rb
|
|
|
b54141 |
+++ b/lib/rubygems/remote_fetcher.rb
|
|
|
b54141 |
@@ -96,7 +96,7 @@ def api_endpoint(uri)
|
|
|
b54141 |
else
|
|
|
b54141 |
target = res.target.to_s.strip
|
|
|
b54141 |
|
|
|
b54141 |
- if /#{host}\z/ =~ target
|
|
|
b54141 |
+ if /\.#{Regexp.quote(host)}\z/ =~ target
|
|
|
b54141 |
return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
|
|
|
b54141 |
end
|
|
|
b54141 |
|
|
|
b54141 |
diff --git a/test/rubygems/test_gem_remote_fetcher.rb b/test/rubygems/test_gem_remote_fetcher.rb
|
|
|
b54141 |
index a590dca..6b29e18 100644
|
|
|
b54141 |
--- a/test/rubygems/test_gem_remote_fetcher.rb
|
|
|
b54141 |
+++ b/test/rubygems/test_gem_remote_fetcher.rb
|
|
|
b54141 |
@@ -196,6 +196,36 @@ def test_api_endpoint_ignores_trans_domain_values
|
|
|
b54141 |
dns.verify
|
|
|
b54141 |
end
|
|
|
b54141 |
|
|
|
b54141 |
+ def test_api_endpoint_ignores_trans_domain_values_that_starts_with_original
|
|
|
b54141 |
+ uri = URI.parse "http://example.com/foo"
|
|
|
b54141 |
+ target = MiniTest::Mock.new
|
|
|
b54141 |
+ target.expect :target, "example.combadguy.com"
|
|
|
b54141 |
+
|
|
|
b54141 |
+ dns = MiniTest::Mock.new
|
|
|
b54141 |
+ dns.expect :getresource, target, [String, Object]
|
|
|
b54141 |
+
|
|
|
b54141 |
+ fetch = Gem::RemoteFetcher.new nil, dns
|
|
|
b54141 |
+ assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri)
|
|
|
b54141 |
+
|
|
|
b54141 |
+ target.verify
|
|
|
b54141 |
+ dns.verify
|
|
|
b54141 |
+ end
|
|
|
b54141 |
+
|
|
|
b54141 |
+ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original
|
|
|
b54141 |
+ uri = URI.parse "http://example.com/foo"
|
|
|
b54141 |
+ target = MiniTest::Mock.new
|
|
|
b54141 |
+ target.expect :target, "badexample.com"
|
|
|
b54141 |
+
|
|
|
b54141 |
+ dns = MiniTest::Mock.new
|
|
|
b54141 |
+ dns.expect :getresource, target, [String, Object]
|
|
|
b54141 |
+
|
|
|
b54141 |
+ fetch = Gem::RemoteFetcher.new nil, dns
|
|
|
b54141 |
+ assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri)
|
|
|
b54141 |
+
|
|
|
b54141 |
+ target.verify
|
|
|
b54141 |
+ dns.verify
|
|
|
b54141 |
+ end
|
|
|
b54141 |
+
|
|
|
b54141 |
def test_cache_update_path
|
|
|
b54141 |
uri = URI 'http://example/file'
|
|
|
b54141 |
path = File.join @tempdir, 'file'
|