Rescue invalid URLs during badge retrieval in asset proxy

a832e69c · Lucas Charles · db0d1c9b · a832e69c · a832e69c · a832e69c
Commit a832e69c authored Mar 04, 2020 by Lucas Charles
3 changed files
--- a/changelogs/unreleased/use-addressable-for-asset-proxy-badge-render.yml
+++ b/changelogs/unreleased/use-addressable-for-asset-proxy-badge-render.yml
+---
+title: Rescue invalid URLs during badge retrieval in asset proxy
+merge_request: 26524
+author:
+type: fixed
--- a/lib/gitlab/asset_proxy.rb
+++ b/lib/gitlab/asset_proxy.rb
@@ -11,12 +11,14 @@ module Gitlab
        return url if asset_host_whitelisted?(url)
        "#{Gitlab.config.asset_proxy.url}/#{asset_url_hash(url)}/#{hexencode(url)}"
+      rescue Addressable::URI::InvalidURIError
+        url
      end
      private
      def asset_host_whitelisted?(url)
-        parsed_url = URI.parse(url)
+        parsed_url = Addressable::URI.parse(url)
        Gitlab.config.asset_proxy.domain_regexp&.match?(parsed_url.host)
      end

--- a/spec/lib/gitlab/asset_proxy_spec.rb
+++ b/spec/lib/gitlab/asset_proxy_spec.rb
@@ -33,9 +33,15 @@ describe Gitlab::AssetProxy do
      expect(described_class.proxy_url(url)).to eq(proxied_url)
    end
+    it 'returns original URL for invalid domains' do
+      url = 'foo_bar://'
+      expect(described_class.proxy_url(url)).to eq(url)
+    end
    context 'whitelisted domain' do
      it 'returns original URL for single domain whitelist' do
-        url = 'http://gitlab.com/test.png'
+        url = 'http://gitlab.com/${default_branch}/test.png'
        expect(described_class.proxy_url(url)).to eq(url)
      end