From 5c7bfb5c05202b4db971dd672d88a42298a0d84e Mon Sep 17 00:00:00 2001 From: Evan Phoenix Date: Mon, 18 May 2015 13:42:34 -0700 Subject: [PATCH] Fix API endpoint domain clamping --- lib/rubygems/remote_fetcher.rb | 2 +- test/rubygems/test_gem_remote_fetcher.rb | 30 ++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/lib/rubygems/remote_fetcher.rb b/lib/rubygems/remote_fetcher.rb index ec78e5f..3f107a3 100644 --- a/lib/rubygems/remote_fetcher.rb +++ b/lib/rubygems/remote_fetcher.rb @@ -96,7 +96,7 @@ def api_endpoint(uri) else target = res.target.to_s.strip - if /#{host}\z/ =~ target + if /\.#{Regexp.quote(host)}\z/ =~ target return URI.parse "#{uri.scheme}://#{target}#{uri.path}" end diff --git a/test/rubygems/test_gem_remote_fetcher.rb b/test/rubygems/test_gem_remote_fetcher.rb index a590dca..6b29e18 100644 --- a/test/rubygems/test_gem_remote_fetcher.rb +++ b/test/rubygems/test_gem_remote_fetcher.rb @@ -196,6 +196,36 @@ def test_api_endpoint_ignores_trans_domain_values dns.verify end + def test_api_endpoint_ignores_trans_domain_values_that_starts_with_original + uri = URI.parse "http://example.com/foo" + target = MiniTest::Mock.new + target.expect :target, "example.combadguy.com" + + dns = MiniTest::Mock.new + dns.expect :getresource, target, [String, Object] + + fetch = Gem::RemoteFetcher.new nil, dns + assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri) + + target.verify + dns.verify + end + + def test_api_endpoint_ignores_trans_domain_values_that_end_with_original + uri = URI.parse "http://example.com/foo" + target = MiniTest::Mock.new + target.expect :target, "badexample.com" + + dns = MiniTest::Mock.new + dns.expect :getresource, target, [String, Object] + + fetch = Gem::RemoteFetcher.new nil, dns + assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri) + + target.verify + dns.verify + end + def test_cache_update_path uri = URI 'http://example/file' path = File.join @tempdir, 'file'