[rubygems/rubygems] Reduce confusion about domains used for testing

martinemde · hsbt · commit 39960cd748e9 · 2025-02-18T12:12:55.000+09:00
Sometimes security reports believe they have found a vulnerability because they find a domain we don't own being used in the rubygems repository. Though there is nothing vulnerable about using 'fake' domains in tests when they are never hit, it nonetheless reduces confusion for everyone if we constrain our test domains to domains we actually own and control. ruby/rubygems@e77ebbe2fc
diff --git a/spec/bundler/bundler/settings_spec.rb b/spec/bundler/bundler/settings_spec.rb
@@ -200,7 +200,7 @@
     end
 
     context "with a configured mirror" do
-      let(:mirror_uri) { Gem::URI("https://rubygems-mirror.org/") }
+      let(:mirror_uri) { Gem::URI("https://example-mirror.rubygems.org/") }
 
       before { settings.set_local "mirror.https://rubygems.org/", mirror_uri.to_s }
 
@@ -277,12 +277,12 @@
     end
 
     it "normalizes HTTP URIs in mirror configuration" do
-      settings.set_local "mirror.http://rubygems.org", "http://rubygems-mirror.org"
+      settings.set_local "mirror.http://rubygems.org", "http://example-mirror.rubygems.org"
       expect(settings.all).to include("mirror.http://rubygems.org/")
     end
 
     it "normalizes HTTPS URIs in mirror configuration" do
-      settings.set_local "mirror.https://rubygems.org", "http://rubygems-mirror.org"
+      settings.set_local "mirror.https://rubygems.org", "http://example-mirror.rubygems.org"
       expect(settings.all).to include("mirror.https://rubygems.org/")
     end
 
@@ -297,9 +297,9 @@
     end
 
     it "reads older keys without trailing slashes" do
-      settings.set_local "mirror.https://rubygems.org", "http://rubygems-mirror.org"
+      settings.set_local "mirror.https://rubygems.org", "http://example-mirror.rubygems.org"
       expect(settings.mirror_for("https://rubygems.org/")).to eq(
-        Gem::URI("http://rubygems-mirror.org/")
+        Gem::URI("http://example-mirror.rubygems.org/")
       )
     end
 
@@ -323,8 +323,8 @@
     end
 
     it "converts older keys without trailing slashes and double underscore" do
-      config("BUNDLE_MIRROR__HTTPS://RUBYGEMS.ORG" => "http://rubygems-mirror.org")
-      expect(settings["mirror.https://rubygems.org/"]).to eq("http://rubygems-mirror.org")
+      config("BUNDLE_MIRROR__HTTPS://RUBYGEMS.ORG" => "http://example-mirror.rubygems.org")
+      expect(settings["mirror.https://rubygems.org/"]).to eq("http://example-mirror.rubygems.org")
     end
 
     it "ignores commented out keys" do
@@ -347,8 +347,8 @@
     end
 
     it "reads newer keys format properly" do
-      config("BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/" => "http://rubygems-mirror.org")
-      expect(settings["mirror.https://rubygems.org/"]).to eq("http://rubygems-mirror.org")
+      config("BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/" => "http://example-mirror.rubygems.org")
+      expect(settings["mirror.https://rubygems.org/"]).to eq("http://example-mirror.rubygems.org")
     end
   end
 end
diff --git a/spec/bundler/bundler/source/rubygems/remote_spec.rb b/spec/bundler/bundler/source/rubygems/remote_spec.rb
@@ -106,8 +106,8 @@ def remote(uri)
 
   context "when a mirror with inline credentials is configured for the URI" do
     let(:uri) { Gem::URI("https://rubygems.org/") }
-    let(:mirror_uri_with_auth) { Gem::URI("https://username:password@rubygems-mirror.org/") }
-    let(:mirror_uri_no_auth) { Gem::URI("https://rubygems-mirror.org/") }
+    let(:mirror_uri_with_auth) { Gem::URI("https://username:password@example-mirror.rubygems.org/") }
+    let(:mirror_uri_no_auth) { Gem::URI("https://example-mirror.rubygems.org/") }
 
     before { Bundler.settings.temporary("mirror.https://rubygems.org/" => mirror_uri_with_auth.to_s) }
 
@@ -132,8 +132,8 @@ def remote(uri)
 
   context "when a mirror with configured credentials is configured for the URI" do
     let(:uri) { Gem::URI("https://rubygems.org/") }
-    let(:mirror_uri_with_auth) { Gem::URI("https://#{credentials}@rubygems-mirror.org/") }
-    let(:mirror_uri_no_auth) { Gem::URI("https://rubygems-mirror.org/") }
+    let(:mirror_uri_with_auth) { Gem::URI("https://#{credentials}@example-mirror.rubygems.org/") }
+    let(:mirror_uri_no_auth) { Gem::URI("https://example-mirror.rubygems.org/") }
 
     before do
       Bundler.settings.temporary("mirror.https://rubygems.org/" => mirror_uri_no_auth.to_s)
diff --git a/spec/bundler/bundler/yaml_serializer_spec.rb b/spec/bundler/bundler/yaml_serializer_spec.rb
@@ -112,10 +112,10 @@
 
     it "handles colon in key/value" do
       yaml = <<~YAML
-        BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/: http://rubygems-mirror.org
+        BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/: http://example-mirror.rubygems.org
       YAML
 
-      expect(serializer.load(yaml)).to eq("BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/" => "http://rubygems-mirror.org")
+      expect(serializer.load(yaml)).to eq("BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/" => "http://example-mirror.rubygems.org")
     end
 
     it "handles arrays inside hashes" do
