Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix API endpoint domain clamping
  • Loading branch information
evanphx committed May 18, 2015
1 parent 0738ef3 commit 5c7bfb5
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 1 deletion.
2 changes: 1 addition & 1 deletion lib/rubygems/remote_fetcher.rb
Expand Up @@ -96,7 +96,7 @@ def api_endpoint(uri)
else
target = res.target.to_s.strip

if /#{host}\z/ =~ target
if /\.#{Regexp.quote(host)}\z/ =~ target
return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
end

Expand Down
30 changes: 30 additions & 0 deletions test/rubygems/test_gem_remote_fetcher.rb
Expand Up @@ -196,6 +196,36 @@ def test_api_endpoint_ignores_trans_domain_values
dns.verify
end

def test_api_endpoint_ignores_trans_domain_values_that_starts_with_original
uri = URI.parse "http://example.com/foo"
target = MiniTest::Mock.new
target.expect :target, "example.combadguy.com"

dns = MiniTest::Mock.new
dns.expect :getresource, target, [String, Object]

fetch = Gem::RemoteFetcher.new nil, dns
assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri)

target.verify
dns.verify
end

def test_api_endpoint_ignores_trans_domain_values_that_end_with_original
uri = URI.parse "http://example.com/foo"
target = MiniTest::Mock.new
target.expect :target, "badexample.com"

dns = MiniTest::Mock.new
dns.expect :getresource, target, [String, Object]

fetch = Gem::RemoteFetcher.new nil, dns
assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri)

target.verify
dns.verify
end

def test_cache_update_path
uri = URI 'http://example/file'
path = File.join @tempdir, 'file'
Expand Down

0 comments on commit 5c7bfb5

Please sign in to comment.