Override hostname when connecting via Kubeclient

Kubeclient uses rest-client. We hack into to access the net/http object
so that we can patch to connect to the resolved IP + set
hostname_override.

Add specs for discord. The discord integration also uses rest-client, so
since we patched rest-client, spec that the DNS rebinding protection
works

1 files changed, 33 insertions, 0 deletions

diff --git a/spec/models/project_services/discord_service_spec.rb b/spec/models/project_services/discord_service_spec.rb
index be82f223478..96ac532dcd1 100644
--- a/spec/models/project_services/discord_service_spec.rb
+++ b/spec/models/project_services/discord_service_spec.rb
@@ -8,4 +8,37 @@ describe DiscordService do
     let(:client_arguments) { { url: webhook_url } }
     let(:content_key) { :content }
   end
+
+  describe '#execute' do
+    include StubRequests
+
+    let(:user) { create(:user) }
+    let(:project) { create(:project, :repository) }
+    let(:webhook_url) { "https://example.gitlab.com/" }
+
+    let(:sample_data) do
+      Gitlab::DataBuilder::Push.build_sample(project, user)
+    end
+
+    before do
+      allow(subject).to receive_messages(
+        project: project,
+        project_id: project.id,
+        service_hook: true,
+        webhook: webhook_url
+      )
+
+      WebMock.stub_request(:post, webhook_url)
+    end
+
+    context 'DNS rebind to local address' do
+      before do
+        stub_dns(webhook_url, ip_address: '192.168.2.120')
+      end
+
+      it 'does not allow DNS rebinding' do
+        expect { subject.execute(sample_data) }.to raise_error(ArgumentError, /is blocked/)
+      end
+    end
+  end
 end