Commit d03b7bb1 authored by Stan Hu's avatar Stan Hu 🔴

Properly handle multiple X-Forwarded-For addresses in runner IP

https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24624 extracted
the X-Forwarded-For address directly, but this didn't consider the case
where multiple proxies are in the chain. To fix this, we use the Rails
implementation to filter trusted proxies, as documented by Grape:
https://github.com/ruby-grape/grape#remote-ip

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/58103
parent c44c83c4
---
title: Properly handle multiple X-Forwarded-For addresses in runner IP
merge_request: 25511
author:
type: fixed
......@@ -26,7 +26,7 @@ module API
end
def get_runner_ip
{ ip_address: request.env["HTTP_X_FORWARDED_FOR"] || request.ip }
{ ip_address: env["action_dispatch.remote_ip"].to_s || request.ip }
end
def current_runner
......
......@@ -526,6 +526,15 @@ describe API::Runner, :clean_gitlab_redis_shared_state do
expect(runner.reload.ip_address).to eq('123.222.123.222')
end
it "handles multiple X-Forwarded-For addresses" do
post api('/jobs/request'),
params: { token: runner.token },
headers: { 'User-Agent' => user_agent, 'X-Forwarded-For' => '123.222.123.222, 127.0.0.1' }
expect(response).to have_gitlab_http_status 201
expect(runner.reload.ip_address).to eq('123.222.123.222')
end
context 'when concurrently updating a job' do
before do
expect_any_instance_of(Ci::Build).to receive(:run!)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment