Webmock < 3.12.1 cannot handle IPv6 addresses correctly

Johanna Schalk
February 26, 2021
Software engineer at makandra GmbH

We had the issue that a VCR spec failed after updating CarrierWave from version 0.11.0 to 1.3.2.
In this version, CarrierWave uses the gem SsrfFilter, which retrieves the IP addresses for the given hostname and replaces the hostname in the requested URL with one of them.

It works with IPv4 addresses, but not with IPv6 addresses, because WebMock cannot handle those correctly:

uri = "#{protocol}://#{net_http.address}:#{net_http.port}#{path}"

There must be square brackets around the IPv6 address to separate it from the port, as in http://[2606:4700:3035::6815:4061]:80/Content/Test/example.jpg, which WebMock does not take into account.

It leads to the following errors (which are rescued in the CarrierWave code):

  • Invalid port number: "b4ea" for an address like 2606:4700:3033:0000:0000:0000:ac43:b4ea
  • bad URI(is not URI?): http://2606:4700:3035::6815:4061/Content/Test/example.jpg

There is already an issue on GitHub, where we offered a patch.

The fix was applied in version 3.12.1.
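The bracketing rule described above, as an added example (not WebMock's code and not the patch from the issue): the helper names are hypothetical, the check uses Ruby's stdlib URI and IPAddr, and the addresses are constructed samples based on the ones in the error messages.

```ruby
require "uri"
require "ipaddr"

# Same interpolation as the line quoted above: address and port joined by ":".
def naive_uri(protocol, address, port, path)
  "#{protocol}://#{address}:#{port}#{path}"
end

# True only for a bare IPv6 literal; hostnames and IPv4 addresses return false.
def ipv6_literal?(address)
  return false if address.start_with?("[") # already bracketed
  IPAddr.new(address).ipv6?
rescue IPAddr::Error
  false # not an IP address at all, e.g. a hostname
end

# Hypothetical helper: wrap IPv6 literals in [] before appending the port.
def bracketed_uri(protocol, address, port, path)
  host = ipv6_literal?(address) ? "[#{address}]" : address
  "#{protocol}://#{host}:#{port}#{path}"
end

# Parse with the stdlib and report what came out, or the error class.
def parse_result(string)
  uri = URI.parse(string)
  { ok: true, hostname: uri.hostname, port: uri.port }
rescue URI::InvalidURIError => e
  { ok: false, error: e.class.name }
end

# Constructed sample: the two IPv6 addresses from the error messages, plus
# an IPv4 address and a hostname that must pass through unchanged.
SAMPLE_ADDRESSES = [
  "2606:4700:3035::6815:4061",
  "2606:4700:3033:0000:0000:0000:ac43:b4ea",
  "203.0.113.10",
  "example.com"
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_ADDRESSES.each do |address|
    [naive_uri("http", address, 80, "/Content/Test/example.jpg"),
     bracketed_uri("http", address, 80, "/Content/Test/example.jpg")].each do |uri|
      puts "#{uri} => #{parse_result(uri)}"
    end
  end
end
```

In a spec suite, the same comparison is a quick way to confirm whether the installed WebMock version still builds the unbracketed form when SsrfFilter substitutes an IPv6 address for the hostname.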

Posted by Johanna Schalk to makandra dev (2021-02-26 08:45)