Fix order-dependent X509 specs

The `ca_certs_bundle` method is memoized, but the state could leak across specs. We now reset the memoized value before each example and after the spec finishes to avoid leaking errors. Closes https://gitlab.com/gitlab-org/gitlab/-/issues/344024

Fix order-dependent X509 specs
The `ca_certs_bundle` method is memoized, but the state could leak across specs. We now reset the memoized value before each example and after the spec finishes to avoid leaking errors. Closes https://gitlab.com/gitlab-org/gitlab/-/issues/344024
ef33c5e6 · Stan Hu · a1c814cb · ef33c5e6 · ef33c5e6
Commit ef33c5e6 authored Oct 27, 2021 by Stan Hu
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 6 deletions

lib/gitlab/x509/certificate.rb lib/gitlab/x509/certificate.rb +14 -6

spec/lib/gitlab/x509/certificate_spec.rb spec/lib/gitlab/x509/certificate_spec.rb +5 -0

No files found.
--- a/lib/gitlab/x509/certificate.rb
+++ b/lib/gitlab/x509/certificate.rb
@@ -19,6 +19,10 @@ module Gitlab
        ca_certs.map(&:to_pem).join('\n') unless ca_certs.blank?
      end

+      class << self
+        include ::Gitlab::Utils::StrongMemoize
+      end
+
      def self.from_strings(key_string, cert_string, ca_certs_string = nil)
        key = OpenSSL::PKey::RSA.new(key_string)
        cert = OpenSSL::X509::Certificate.new(cert_string)
@@ -44,13 +48,17 @@ module Gitlab

      # Returns a concatenated array of Strings, each being a PEM-coded CA certificate.
      def self.ca_certs_bundle
-        return @certs if @certs
+        strong_memoize(:ca_certs_bundle) do
+          ca_certs_paths.flat_map do |cert_file|
+            load_ca_certs_bundle(File.read(cert_file))
+          rescue OpenSSL::OpenSSLError => e
+            Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e, cert_file: cert_file)
+          end.uniq.join("\n")
+        end
+      end

-        @certs = ca_certs_paths.flat_map do |cert_file|
-          load_ca_certs_bundle(File.read(cert_file))
-        rescue OpenSSL::OpenSSLError => e
-          Gitlab::ErrorTracking.track_and_raise_for_dev_exception(e, cert_file: cert_file)
-        end.uniq.join("\n")
+      def self.reset_ca_certs_bundle
+        clear_memoization(:ca_certs_bundle)
      end

      # Returns an array of OpenSSL::X509::Certificate objects, empty array if none found

--- a/spec/lib/gitlab/x509/certificate_spec.rb
+++ b/spec/lib/gitlab/x509/certificate_spec.rb
@@ -19,6 +19,11 @@ RSpec.describe Gitlab::X509::Certificate do
  before do
    stub_const("OpenSSL::X509::DEFAULT_CERT_DIR", sample_ca_certs_path)
    stub_const("OpenSSL::X509::DEFAULT_CERT_FILE", sample_cert)
+    described_class.reset_ca_certs_bundle
+  end
+
+  after(:context) do
+    described_class.reset_ca_certs_bundle
  end

  describe 'testing environment setup' do