From 39960cd748e969dd2bc711a7913fe4c0b00e7fd4 Mon Sep 17 00:00:00 2001 From: Martin Emde Date: Mon, 17 Feb 2025 09:57:28 -0800 Subject: [rubygems/rubygems] Reduce confusion about domains used for testing Sometimes security reports believe they have found a vulnerability because they find a domain we don't own being used in the rubygems repository. Though there is nothing vulnerable about using 'fake' domains in tests when they are never hit, it nonetheless reduces confusion for everyone if we constrain our test domains to domains we actually own and control. https://github.com/rubygems/rubygems/commit/e77ebbe2fc --- spec/bundler/bundler/settings_spec.rb | 18 +++++++++--------- spec/bundler/bundler/source/rubygems/remote_spec.rb | 8 ++++---- spec/bundler/bundler/yaml_serializer_spec.rb | 4 ++-- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/spec/bundler/bundler/settings_spec.rb b/spec/bundler/bundler/settings_spec.rb index 7c64c1c907..592db81e9b 100644 --- a/spec/bundler/bundler/settings_spec.rb +++ b/spec/bundler/bundler/settings_spec.rb @@ -200,7 +200,7 @@ that would suck --ehhh=oh geez it looks like i might have broken bundler somehow end context "with a configured mirror" do - let(:mirror_uri) { Gem::URI("https://rubygems-mirror.org/") } + let(:mirror_uri) { Gem::URI("https://example-mirror.rubygems.org/") } before { settings.set_local "mirror.https://rubygems.org/", mirror_uri.to_s } @@ -277,12 +277,12 @@ that would suck --ehhh=oh geez it looks like i might have broken bundler somehow end it "normalizes HTTP URIs in mirror configuration" do - settings.set_local "mirror.http://rubygems.org", "http://rubygems-mirror.org" + settings.set_local "mirror.http://rubygems.org", "http://example-mirror.rubygems.org" expect(settings.all).to include("mirror.http://rubygems.org/") end it "normalizes HTTPS URIs in mirror configuration" do - settings.set_local "mirror.https://rubygems.org", "http://rubygems-mirror.org" + settings.set_local "mirror.https://rubygems.org", "http://example-mirror.rubygems.org" expect(settings.all).to include("mirror.https://rubygems.org/") end @@ -297,9 +297,9 @@ that would suck --ehhh=oh geez it looks like i might have broken bundler somehow end it "reads older keys without trailing slashes" do - settings.set_local "mirror.https://rubygems.org", "http://rubygems-mirror.org" + settings.set_local "mirror.https://rubygems.org", "http://example-mirror.rubygems.org" expect(settings.mirror_for("https://rubygems.org/")).to eq( - Gem::URI("http://rubygems-mirror.org/") + Gem::URI("http://example-mirror.rubygems.org/") ) end @@ -323,8 +323,8 @@ that would suck --ehhh=oh geez it looks like i might have broken bundler somehow end it "converts older keys without trailing slashes and double underscore" do - config("BUNDLE_MIRROR__HTTPS://RUBYGEMS.ORG" => "http://rubygems-mirror.org") - expect(settings["mirror.https://rubygems.org/"]).to eq("http://rubygems-mirror.org") + config("BUNDLE_MIRROR__HTTPS://RUBYGEMS.ORG" => "http://example-mirror.rubygems.org") + expect(settings["mirror.https://rubygems.org/"]).to eq("http://example-mirror.rubygems.org") end it "ignores commented out keys" do @@ -347,8 +347,8 @@ that would suck --ehhh=oh geez it looks like i might have broken bundler somehow end it "reads newer keys format properly" do - config("BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/" => "http://rubygems-mirror.org") - expect(settings["mirror.https://rubygems.org/"]).to eq("http://rubygems-mirror.org") + config("BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/" => "http://example-mirror.rubygems.org") + expect(settings["mirror.https://rubygems.org/"]).to eq("http://example-mirror.rubygems.org") end end end diff --git a/spec/bundler/bundler/source/rubygems/remote_spec.rb b/spec/bundler/bundler/source/rubygems/remote_spec.rb index 56f3bee459..f2214ca8fe 100644 --- a/spec/bundler/bundler/source/rubygems/remote_spec.rb +++ b/spec/bundler/bundler/source/rubygems/remote_spec.rb @@ -106,8 +106,8 @@ RSpec.describe Bundler::Source::Rubygems::Remote do context "when a mirror with inline credentials is configured for the URI" do let(:uri) { Gem::URI("https://rubygems.org/") } - let(:mirror_uri_with_auth) { Gem::URI("https://username:password@rubygems-mirror.org/") } - let(:mirror_uri_no_auth) { Gem::URI("https://rubygems-mirror.org/") } + let(:mirror_uri_with_auth) { Gem::URI("https://username:password@example-mirror.rubygems.org/") } + let(:mirror_uri_no_auth) { Gem::URI("https://example-mirror.rubygems.org/") } before { Bundler.settings.temporary("mirror.https://rubygems.org/" => mirror_uri_with_auth.to_s) } @@ -132,8 +132,8 @@ RSpec.describe Bundler::Source::Rubygems::Remote do context "when a mirror with configured credentials is configured for the URI" do let(:uri) { Gem::URI("https://rubygems.org/") } - let(:mirror_uri_with_auth) { Gem::URI("https://#{credentials}@rubygems-mirror.org/") } - let(:mirror_uri_no_auth) { Gem::URI("https://rubygems-mirror.org/") } + let(:mirror_uri_with_auth) { Gem::URI("https://#{credentials}@example-mirror.rubygems.org/") } + let(:mirror_uri_no_auth) { Gem::URI("https://example-mirror.rubygems.org/") } before do Bundler.settings.temporary("mirror.https://rubygems.org/" => mirror_uri_no_auth.to_s) diff --git a/spec/bundler/bundler/yaml_serializer_spec.rb b/spec/bundler/bundler/yaml_serializer_spec.rb index de437f764a..9ff1579b76 100644 --- a/spec/bundler/bundler/yaml_serializer_spec.rb +++ b/spec/bundler/bundler/yaml_serializer_spec.rb @@ -112,10 +112,10 @@ RSpec.describe Bundler::YAMLSerializer do it "handles colon in key/value" do yaml = <<~YAML - BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/: http://rubygems-mirror.org + BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/: http://example-mirror.rubygems.org YAML - expect(serializer.load(yaml)).to eq("BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/" => "http://rubygems-mirror.org") + expect(serializer.load(yaml)).to eq("BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/" => "http://example-mirror.rubygems.org") end it "handles arrays inside hashes" do -- cgit v1.2.3