Add way to globally disable filter

[fsateler]

When using test request mocks (like webmocks gem), the SSRF filter makes it impossible to mock the requests, because the DNS is resolved before making the request. That is:

stub_request(:get, 'https://example.com/file.pdf').to_return(something)

This will fail because the request will be to whatever example.com happens to resolve to.

For testing, it would be useful to be able to globally disable the filtering, and go directly to the underlying request library.

[arkadiyt]

@fsateler it's a little more cumbersome but you could do something like:

stub_request(:get, %r{\Ahttps://.*/file\.pdf\z}).with(headers: {'host': 'example.com'})

[fsateler]

Thanks, I'll try that. Still, it's a bit cumbersome.

[tdeo]

Hello, I was running into the same issue recently and found a more reasonable workaround by replacing the default resolver for tests by dropping the following code in a spec/support/ssrf_filter.rb:

class FakeTestIpResolverForSsrfFilter
  def self.call(hostname)
    new(hostname)
  end

  def initialize(hostname)
    @hostname = hostname
  end

  def reject(...)
    self
  end

  def empty?
    false
  end

  def sample
    @hostname
  end
end

SsrfFilter.module_eval do
  remove_const(:DEFAULT_RESOLVER)
  const_set(:DEFAULT_RESOLVER, FakeTestIpResolverForSsrfFilter)
end

You could also be sending the resolver: FakeTestIpResolverForSsrfFilter option to SsrfFilter calls if you have a central place for them