no longer test against user agent for github rate-limit, since it is not consistently github-camo

2016-07-01 14:59:50 +02:00 · 2016-07-01 14:59:50 +02:00 · 34fbfc2ccf
commit 34fbfc2ccf
parent bed317b109
2 changed files with 26 additions and 5 deletions
--- a/lib/travis/api/attack.rb
+++ b/lib/travis/api/attack.rb
@ -31,7 +31,9 @@ class Rack::Attack
    "/auth/post_message/iframe"
  ]

-  IMAGE_PATTERN = /^\/([a-z0-9_-]+)\/([a-z0-9_-]+)\.(png|svg)$/
+  whitelist('safelist build status images') do |request|
+    /\.(png|svg)$/.match(request.path)
+  end

  ####
  # Whitelisted IP addresses
@ -39,10 +41,6 @@ class Rack::Attack
    Travis.redis.sismember(:api_whitelisted_ips, request.ip)
  end

-  whitelist('safelist build status images when requested by github') do |request|
-    request.user_agent and request.user_agent.start_with?('github-camo') and IMAGE_PATTERN.match(request.path)
-  end
-
  ####
  # Ban based on: IP address
  # Ban time:     indefinite
--- a/spec/unit/attack_spec.rb
+++ b/spec/unit/attack_spec.rb
@ -0,0 +1,23 @@
+describe Rack::Attack do
+  describe 'image request' do
+    let(:request) {
+      env = Rack::MockRequest.env_for("https://api-test.travis-ci.org/travis-ci/travis-github-sync.png")
+      Rack::Attack::Request.new(env)
+    }
+
+    it 'should be safelisted' do
+      expect(Rack::Attack.whitelisted?(request)).to be_truthy
+    end
+  end
+
+  describe 'non-image API request' do
+    let(:request) {
+      env = Rack::MockRequest.env_for("https://api-test.travis-ci.org/repos/rails/rails/branches")
+      Rack::Attack::Request.new(env)
+    }
+
+    it 'should not be safelisted' do
+      expect(Rack::Attack.whitelisted?(request)).to be_falsy
+    end
+  end
+end