Webmock < 3.12.1 cannot handle IPv6 addresses correctly

Posted About 3 years ago. Visible to the public.

We had the issue, that a VCR spec failed, after updating CarrierWave from version 0.11.0 to 1.3.2.
In this version, CarrierWave uses the gem SsrfFilter, which retrieves the IP addresses for the given hostname and replaces the hostname in the requested url with one of them.

It works with IPv4 addresses, but not with IPv6 addresses, because WebMock cannot handle those correctly Show archive.org snapshot :

uri = "#{protocol}://#{net_http.address}:#{net_http.port}#{path}"

There must be square brackets around the IPv6 address, to separate it from the port, like http://[2606:4700:3035::6815:4061]:80/Content/Test/example.jpg, which WebMock does not consider.

It leads to the following errors (which are rescued in the CarrierWave code):

  • Invalid port number: \"b4ea\" for an address like 2606:4700:3033:0000:0000:0000:ac43:b4ea
  • bad URI(is not URI?): http://2606:4700:3035::6815:4061/Content/Test/example.jpg

There is already an issue on GitHub Show archive.org snapshot , where we offered a patch.

The fix was applied in version 3.12.1 Show archive.org snapshot .

Last edit
About 3 years ago
Deleted user #8242
License
Source code in this card is licensed under the MIT License.

Related cards:

How to handle when an HTML <video> element cannot autoplay

HTML <video> elements can automatically start playing when the autoplay attribute is set on them. Except for when they can not, e.g. on pageload, or when the element enters the DOM without user interaction, or when the browser for some other r...

Using attribute event handlers with a strict Content Security Policy (CSP)

Given you have a strict CSP that only allows <script src> elements from your own domain:

Content-Security-Policy: script-src 'self'

This will block JavaScript handlers inlined as attribute into your HTML elements. Clicking on the f...

Fix [RubyODBC]Cannot allocate SQLHENV when connecting to MSSQL 2005 with Ruby 1.8.7. on Ubuntu 10.10

I followed this nice guide Connecting to MSSQL with Ruby on Ubuntu - lambie.org until I ran in the following errors:

irb(main):001:0> require "dbi"; ...

How to use html_safe correctly

Back in the war, Rails developers had to manually HTML-escape user-supplied text before it was rendered in a view. If only a single piece of user-supplied text was rendered without prior escaping, it enabled [XSS attacks](http://en.wikipedia.org/w...

OpenStack instance not configuring network (DHCP) correctly

We ran into trouble when adding additional compute units to our railscomplete Hosting environment lately.

VM-instances on the new compute units where booting and requesting private IP addresses via DHCP correctly (`DHCP...

Webmock's hash_including doesn't parse query values to string

Webmocks hash_including is similar to RSpec::Mocks::ArgumentMatchers#hash_including. Be aware that hash_including (webmock v3.0.1) doesn't parse integer values to String.

Without hash including you would say:

uri = URI('http://example....

Async control flow in JavaScript: Promises, Microtasks, async/await

Slides for Henning's talk on Sep 21st 2017.

Understanding sync vs. async control flow

Talking to synchronous (or "blocking") API

print('script start')
html = get('/foo')
print(html)
print('s...

Faking and testing the network with WebMock

An alternative to this technique is using VCR. VCR allows you to record and replay real HTTP responses, saving you the effort to stub out request/response...

WebMock 1.8.0 does not play nice with Curb < 0.7.16

When updating WebMock, be prepared that your specs may send real requests into the depths of the internet unless you update Curb as well.\
WebMock will not complain about those ...

Turning off VCR when stubbing with Webmock

Sometimes when working with VCR you still want to use webmock. Since VCR hooks into webmock and fails when an unknown request is happening, you have to turn it off in order to use webmock like you are used to. Here is how to do this in rspec.

Posted to makandra dev (2021-02-26 07:45)
This website uses short-lived cookies to improve usability.
or learn more