Commit e225ad3e authored by Igor Frenkel's avatar Igor Frenkel

Use Gitlab::HTTP in download method

Use Gitlab::HTTP for ImportExport::CommandUtil to validate the fetch url
against localhost downloads.

Changelog: changed
parent 40cdc406
...@@ -56,10 +56,20 @@ module Gitlab ...@@ -56,10 +56,20 @@ module Gitlab
end end
def download(url, upload_path) def download(url, upload_path)
File.open(upload_path, 'w') do |file| File.open(upload_path, 'wb') do |file|
# Download (stream) file from the uploader's location Gitlab::HTTP.get(url, stream_body: true) do |fragment|
IO.copy_stream(URI.parse(url).open, file) if [301, 302, 307].include?(fragment.code)
Gitlab::Import::Logger.warn(message: "received redirect fragment", fragment_code: fragment.code)
elsif fragment.code == 200
file.write(fragment)
else
raise Gitlab::ImportExport::Error, "unsupported response downloading fragment #{fragment.code}"
end
end
end end
rescue StandardError => e
@shared.error(e) # rubocop:disable Gitlab/ModuleWithInstanceVariables
raise e
end end
def tar_with_options(archive:, dir:, options:) def tar_with_options(archive:, dir:, options:)
......
...@@ -17,6 +17,10 @@ RSpec.describe Gitlab::ImportExport::CommandLineUtil do ...@@ -17,6 +17,10 @@ RSpec.describe Gitlab::ImportExport::CommandLineUtil do
def initialize def initialize
@shared = Gitlab::ImportExport::Shared.new(nil) @shared = Gitlab::ImportExport::Shared.new(nil)
end end
def download(url, upload_path)
super(url, upload_path)
end
end.new end.new
end end
...@@ -101,4 +105,44 @@ RSpec.describe Gitlab::ImportExport::CommandLineUtil do ...@@ -101,4 +105,44 @@ RSpec.describe Gitlab::ImportExport::CommandLineUtil do
end end
end end
end end
describe '#download' do
before do
stub_request(:get, loc)
.to_return(
status: 200,
body: content
)
end
context 'a non-localhost uri' do
let(:loc) { 'https://gitlab.com' }
let(:content) { File.open('spec/fixtures/rails_sample.tif') }
it 'gets the contents' do
Tempfile.create("foo") do |f|
subject.download(loc, f.path)
expect(f.read).to eq(File.open('spec/fixtures/rails_sample.tif').read)
end
end
it 'streams the contents' do
expect(Gitlab::HTTP).to receive(:get).with(loc, hash_including(stream_body: true))
Tempfile.create("foo") do |f|
subject.download(loc, f.path)
end
end
end
context 'a localhost uri' do
let(:loc) { 'https://localhost:8081/foo/bar' }
let(:content) { 'foo' }
it 'throws a blocked url error' do
Tempfile.create("foo") do |f|
expect { subject.download(loc, f.path) }.to raise_error(Gitlab::HTTP::BlockedUrlError)
end
end
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment