codeclimate-services 1.9.0 → 1.9.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4df2ee48a6422a56813233250049c38979fc3cb8
-  data.tar.gz: 7e58584424589e2c0b2ca337a853a4ea37e7b0fa
+  metadata.gz: 0b0ad91d5350b519927b48a92e1f8fc799627813
+  data.tar.gz: 622aa41d40c4cbfe5b2ce9c9197fec5759f1226b
 SHA512:
-  metadata.gz: ebb9f1f93b763a3858d6c66283ad1b27ff6507e57612301b71eeaf2077a1a034e808f98e787bbd9d9a9b2091f7f2e0bb397f38b3710c726bcd6907d5e37d51ad
-  data.tar.gz: db694bb54c853bf76dab733883350b38e1c3123706104e3b2a7730ebb41618b65badd9b6c7afc4ccade4ecc26db5997935cd8c5392a052987a06c156f75ab541
+  metadata.gz: 3649833ef47b09d719ee72375b83cbfca664522e1f7c8aec90a9678b4a24e00c607efb71a54f78397c6635ce9e21842802420de46dda0cbf1c255644cc0be5b6
+  data.tar.gz: 8965dc6e356e0e29f964724ca4e53cb38a26ab585e484c36c8a82b8e485cfa4b48c56cb26f34a0ba93540a2b03e178eac187db05f3bb4581103adbb8d8fe1496

data/lib/cc/resolv.rb

@@ -0,0 +1,39 @@
+require "resolv-replace"
+
+module CC
+  class Resolv
+    def self.with_fixed_dns(dns = ::Resolv::DNS.new)
+      ::Resolv::DefaultResolver.replace_resolvers([Fixed.new(dns)])
+
+      yield if block_given?
+    ensure
+      # There's no way to ask what the current values are before we override
+      # them; hopefully going by the source is good enough.
+      # https://docs.ruby-lang.org/en/2.0.0/Resolv.html#method-c-new
+      default_resolvers = [::Resolv::Hosts.new, ::Resolv::DNS.new]
+      ::Resolv::DefaultResolver.replace_resolvers(default_resolvers)
+    end
+
+    class Fixed
+      def initialize(fallback)
+        @addresses = {}
+        @fallback = fallback
+      end
+
+      def each_address(name)
+        if addresses.key?(name)
+          yield addresses.fetch(name)
+        else
+          fallback.each_address(name) do |address|
+            addresses[name] ||= address
+            yield address
+          end
+        end
+      end
+
+      private
+
+      attr_reader :addresses, :fallback
+    end
+  end
+end

data/lib/cc/service/http.rb

@@ -1,4 +1,5 @@
 require "active_support/concern"
+require "cc/resolv"
 require "cc/service/response_check"
 require "cc/service/safe_webhook"
 
@@ -53,13 +54,15 @@ module CC::Service::HTTP
   def http_method(method, url = nil, body = nil, headers = nil)
     block = Proc.new if block_given?
 
-    CC::Service::SafeWebhook.ensure_safe!(url)
+    CC::Resolv.with_fixed_dns do
+      CC::Service::SafeWebhook.ensure_safe!(url)
 
-    http.send(method) do |req|
-      req.url(url) if url
-      req.headers.update(headers) if headers
-      req.body = body if body
-      block.call req if block
+      http.send(method) do |req|
+        req.url(url) if url
+        req.headers.update(headers) if headers
+        req.body = body if body
+        block.call req if block
+      end
     end
   end
 

data/lib/cc/service/safe_webhook.rb

@@ -1,8 +1,6 @@
 require "ipaddr"
 require "uri"
 
-require "cc/fixed_resolv"
-
 module CC
   class Service
     class SafeWebhook
@@ -22,16 +20,6 @@ module CC
         instance.ensure_safe!
       end
 
-      def self.getaddress(host)
-        @dns ||= Resolv::DNS.new
-        @dns.getaddress(host)
-      end
-
-      def self.setaddress(host, address)
-        @fixed_resolv ||= CC::FixedResolv.enable!
-        @fixed_resolv.setaddress(host, address)
-      end
-
       def initialize(url)
         @url = url
       end
@@ -49,14 +37,12 @@ module CC
       attr_reader :url
 
       def internal?(host)
-        address = self.class.getaddress(host)
-
-        self.class.setaddress(host, address)
+        address = ::Resolv.getaddress(host)
 
         PRIVATE_ADDRESS_SUBNETS.any? do |subnet|
           subnet === IPAddr.new(address.to_s)
         end
-      rescue Resolv::ResolvError
+      rescue ::Resolv::ResolvError
         true # localhost
       end
 

data/lib/cc/services/version.rb

@@ -1,5 +1,5 @@
 module CC
   module Services
-    VERSION = "1.9.0".freeze
+    VERSION = "1.9.1".freeze
   end
 end

data/spec/cc/resolve_spec.rb

@@ -0,0 +1,43 @@
+require "spec_helper"
+
+module CC
+  describe Resolv do
+    describe ".with_fixed_dns" do
+      it "replaces the default resolver for the duration of the block" do
+        fallback = double
+
+        expect(fallback).to receive(:each_address).
+          with("google.com").and_yield("overridden")
+
+        Resolv.with_fixed_dns(fallback) do
+          expect(::Resolv.getaddress("google.com")).to eq "overridden"
+          expect(::Resolv.getaddress("google.com")).to eq "overridden"
+        end
+
+        expect(::Resolv.getaddress("google.com")).not_to eq "overridden"
+      end
+    end
+
+    describe Resolv::Fixed do
+      describe "#each_address" do
+        it "delegates to the fallback resolver and caches the first address" do
+          fallback = double
+          fixed = Resolv::Fixed.new(fallback)
+
+          allow(fallback).to receive(:each_address).
+            with("host").once.
+            and_yield("address-1").
+            and_yield("address-2")
+
+          yielded_1 = []
+          yielded_2 = []
+          fixed.each_address("host") { |a| yielded_1 << a }
+          fixed.each_address("host") { |a| yielded_2 << a }
+
+          expect(yielded_1).to eq ["address-1", "address-2"]
+          expect(yielded_2).to eq ["address-1"]
+        end
+      end
+    end
+  end
+end

data/spec/cc/service/safe_webhook_spec.rb

@@ -5,7 +5,7 @@ class CC::Service
     describe ".ensure_safe!" do
       it "does not allow internal URLs" do
         %w[ 127.0.0.1 192.168.0.1 10.0.1.18 ].each do |address|
-          stub_resolv("github.com", address)
+          stub_resolv_getaddress("github.com", address)
 
           expect do
             SafeWebhook.ensure_safe!("https://github.com/api/v1/user")
@@ -13,29 +13,35 @@ class CC::Service
         end
       end
 
+      it "does not allow URLs that don't resolve via DNS" do
+        allow(::Resolv).to receive(:getaddress).
+          with("localhost").and_raise(::Resolv::ResolvError)
+
+        expect do
+          SafeWebhook.ensure_safe!("https://localhost/api/v1/user")
+        end.to raise_error(SafeWebhook::InternalWebhookError)
+      end
+
       it "allows internal URLs when configured to do so" do
         allow(ENV).to receive(:[]).
           with("CODECLIMATE_ALLOW_INTERNAL_WEBHOOKS").
           and_return("1")
 
-        stub_resolv("github.com", "10.0.1.18")
+        stub_resolv_getaddress("github.com", "10.0.1.18")
 
         SafeWebhook.ensure_safe!("https://github.com/api/v1/user")
       end
 
       it "allows non-internal URLs" do
-        stub_resolv("github.com", "1.1.1.2")
+        stub_resolv_getaddress("github.com", "1.1.1.2")
 
         SafeWebhook.ensure_safe!("https://github.com/api/v1/user")
       end
+    end
 
-      it "ensures future dns queries get the same answer" do
-        stub_resolv("github.com", "1.1.1.3")
-
-        SafeWebhook.ensure_safe!("https://github.com/api/v1/user")
-
-        expect(Resolv.getaddress("github.com").to_s).to eq "1.1.1.3"
-      end
+    def stub_resolv_getaddress(host, ip)
+      allow(::Resolv).to receive(:getaddress).
+        with(host).and_return(::Resolv::IPv4.create(ip))
     end
   end
 end

data/spec/support/resolv_helpers.rb

@@ -1,7 +1,9 @@
 module ResolvHelpers
   def stub_resolv(name, address)
-    allow(CC::Service::SafeWebhook).to receive(:getaddress).
-      with(name).and_return(Resolv::IPv4.create(address))
+    dns = double
+    allow(::Resolv::DNS).to receive(:new).and_return(dns)
+    allow(dns).to receive(:each_address).
+      with(name).and_yield(Resolv::IPv4.create(address))
   end
 end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: codeclimate-services
 version: !ruby/object:Gem::Version
-  version: 1.9.0
+  version: 1.9.1
 platform: ruby
 authors:
 - Bryan Helmkamp
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-10-04 00:00:00.000000000 Z
+date: 2016-11-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -149,7 +149,6 @@ files:
 - config/cacert.pem
 - config/load.rb
 - lib/axiom/types/password.rb
-- lib/cc/fixed_resolv.rb
 - lib/cc/formatters/linked_formatter.rb
 - lib/cc/formatters/plain_formatter.rb
 - lib/cc/formatters/snapshot_formatter.rb
@@ -160,6 +159,7 @@ files:
 - lib/cc/helpers/vulnerability_helper.rb
 - lib/cc/presenters/pull_requests_presenter.rb
 - lib/cc/pull_requests.rb
+- lib/cc/resolv.rb
 - lib/cc/service.rb
 - lib/cc/service/config.rb
 - lib/cc/service/formatter.rb
@@ -192,6 +192,7 @@ files:
 - spec/axiom/types/password_spec.rb
 - spec/cc/formatters/snapshot_formatter_spec.rb
 - spec/cc/presenters/pull_requests_presenter_spec.rb
+- spec/cc/resolve_spec.rb
 - spec/cc/service/asana_spec.rb
 - spec/cc/service/campfire_spec.rb
 - spec/cc/service/flowdock_spec.rb
@@ -243,6 +244,7 @@ test_files:
 - spec/axiom/types/password_spec.rb
 - spec/cc/formatters/snapshot_formatter_spec.rb
 - spec/cc/presenters/pull_requests_presenter_spec.rb
+- spec/cc/resolve_spec.rb
 - spec/cc/service/asana_spec.rb
 - spec/cc/service/campfire_spec.rb
 - spec/cc/service/flowdock_spec.rb

data/lib/cc/fixed_resolv.rb

@@ -1,29 +0,0 @@
-require "resolv-replace"
-
-module CC
-  class FixedResolv < Resolv::DNS
-    def self.enable!
-      new.tap do |instance|
-        Resolv::DefaultResolver.replace_resolvers([instance])
-      end
-    end
-
-    def initialize
-      @addresses = {}
-    end
-
-    def setaddress(name, address)
-      addresses[name] = address
-    end
-
-    def each_address(name)
-      if addresses.key?(name)
-        yield addresses.fetch(name)
-      end
-    end
-
-    private
-
-    attr_reader :addresses
-  end
-end