Fix API endpoint domain clamping

evanphx · evanphx · commit 5c7bfb5c0520 · 2015-05-18T13:42:34.000-07:00
diff --git a/lib/rubygems/remote_fetcher.rb b/lib/rubygems/remote_fetcher.rb
@@ -96,7 +96,7 @@ def api_endpoint(uri)
     else
       target = res.target.to_s.strip
 
-      if /#{host}\z/ =~ target
+      if /\.#{Regexp.quote(host)}\z/ =~ target
         return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
       end
 
diff --git a/test/rubygems/test_gem_remote_fetcher.rb b/test/rubygems/test_gem_remote_fetcher.rb
@@ -196,6 +196,36 @@ def test_api_endpoint_ignores_trans_domain_values
     dns.verify
   end
 
+  def test_api_endpoint_ignores_trans_domain_values_that_starts_with_original
+    uri = URI.parse "http://example.com/foo"
+    target = MiniTest::Mock.new
+    target.expect :target, "example.combadguy.com"
+
+    dns = MiniTest::Mock.new
+    dns.expect :getresource, target, [String, Object]
+
+    fetch = Gem::RemoteFetcher.new nil, dns
+    assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri)
+
+    target.verify
+    dns.verify
+  end
+
+  def test_api_endpoint_ignores_trans_domain_values_that_end_with_original
+    uri = URI.parse "http://example.com/foo"
+    target = MiniTest::Mock.new
+    target.expect :target, "badexample.com"
+
+    dns = MiniTest::Mock.new
+    dns.expect :getresource, target, [String, Object]
+
+    fetch = Gem::RemoteFetcher.new nil, dns
+    assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri)
+
+    target.verify
+    dns.verify
+  end
+
   def test_cache_update_path
     uri = URI 'http://example/file'
     path = File.join @tempdir, 'file'
