[rubygems/rubygems] Reduce confusion about domains used for testing

Sometimes security reports believe they have found a vulnerability because they find a domain we don't own being used in the rubygems repository. Though there is nothing vulnerable about using 'fake' domains in tests when they are never hit, it nonetheless reduces confusion for everyone if we constrain our test domains to domains we actually own and control. https://github.com/rubygems/rubygems/commit/e77ebbe2fc
2025-02-17 09:57:28 -08:00 · 2025-02-17 09:57:28 -08:00 · 39960cd748
commit 39960cd748
parent 507de2226b
3 changed files with 15 additions and 15 deletions
--- a/spec/bundler/bundler/settings_spec.rb
+++ b/spec/bundler/bundler/settings_spec.rb
@ -200,7 +200,7 @@ that would suck --ehhh=oh geez it looks like i might have broken bundler somehow
    end

    context "with a configured mirror" do
-      let(:mirror_uri) { Gem::URI("https://rubygems-mirror.org/") }
+      let(:mirror_uri) { Gem::URI("https://example-mirror.rubygems.org/") }

      before { settings.set_local "mirror.https://rubygems.org/", mirror_uri.to_s }

@ -277,12 +277,12 @@ that would suck --ehhh=oh geez it looks like i might have broken bundler somehow
    end

    it "normalizes HTTP URIs in mirror configuration" do
-      settings.set_local "mirror.http://rubygems.org", "http://rubygems-mirror.org"
+      settings.set_local "mirror.http://rubygems.org", "http://example-mirror.rubygems.org"
      expect(settings.all).to include("mirror.http://rubygems.org/")
    end

    it "normalizes HTTPS URIs in mirror configuration" do
-      settings.set_local "mirror.https://rubygems.org", "http://rubygems-mirror.org"
+      settings.set_local "mirror.https://rubygems.org", "http://example-mirror.rubygems.org"
      expect(settings.all).to include("mirror.https://rubygems.org/")
    end

@ -297,9 +297,9 @@ that would suck --ehhh=oh geez it looks like i might have broken bundler somehow
    end

    it "reads older keys without trailing slashes" do
-      settings.set_local "mirror.https://rubygems.org", "http://rubygems-mirror.org"
+      settings.set_local "mirror.https://rubygems.org", "http://example-mirror.rubygems.org"
      expect(settings.mirror_for("https://rubygems.org/")).to eq(
-        Gem::URI("http://rubygems-mirror.org/")
+        Gem::URI("http://example-mirror.rubygems.org/")
      )
    end

@ -323,8 +323,8 @@ that would suck --ehhh=oh geez it looks like i might have broken bundler somehow
    end

    it "converts older keys without trailing slashes and double underscore" do
-      config("BUNDLE_MIRROR__HTTPS://RUBYGEMS.ORG" => "http://rubygems-mirror.org")
-      expect(settings["mirror.https://rubygems.org/"]).to eq("http://rubygems-mirror.org")
+      config("BUNDLE_MIRROR__HTTPS://RUBYGEMS.ORG" => "http://example-mirror.rubygems.org")
+      expect(settings["mirror.https://rubygems.org/"]).to eq("http://example-mirror.rubygems.org")
    end

    it "ignores commented out keys" do
@ -347,8 +347,8 @@ that would suck --ehhh=oh geez it looks like i might have broken bundler somehow
    end

    it "reads newer keys format properly" do
-      config("BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/" => "http://rubygems-mirror.org")
-      expect(settings["mirror.https://rubygems.org/"]).to eq("http://rubygems-mirror.org")
+      config("BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/" => "http://example-mirror.rubygems.org")
+      expect(settings["mirror.https://rubygems.org/"]).to eq("http://example-mirror.rubygems.org")
    end
  end
 end
--- a/spec/bundler/bundler/source/rubygems/remote_spec.rb
+++ b/spec/bundler/bundler/source/rubygems/remote_spec.rb
@ -106,8 +106,8 @@ RSpec.describe Bundler::Source::Rubygems::Remote do

  context "when a mirror with inline credentials is configured for the URI" do
    let(:uri) { Gem::URI("https://rubygems.org/") }
-    let(:mirror_uri_with_auth) { Gem::URI("https://username:password@rubygems-mirror.org/") }
-    let(:mirror_uri_no_auth) { Gem::URI("https://rubygems-mirror.org/") }
+    let(:mirror_uri_with_auth) { Gem::URI("https://username:password@example-mirror.rubygems.org/") }
+    let(:mirror_uri_no_auth) { Gem::URI("https://example-mirror.rubygems.org/") }

    before { Bundler.settings.temporary("mirror.https://rubygems.org/" => mirror_uri_with_auth.to_s) }

@ -132,8 +132,8 @@ RSpec.describe Bundler::Source::Rubygems::Remote do

  context "when a mirror with configured credentials is configured for the URI" do
    let(:uri) { Gem::URI("https://rubygems.org/") }
-    let(:mirror_uri_with_auth) { Gem::URI("https://#{credentials}@rubygems-mirror.org/") }
-    let(:mirror_uri_no_auth) { Gem::URI("https://rubygems-mirror.org/") }
+    let(:mirror_uri_with_auth) { Gem::URI("https://#{credentials}@example-mirror.rubygems.org/") }
+    let(:mirror_uri_no_auth) { Gem::URI("https://example-mirror.rubygems.org/") }

    before do
      Bundler.settings.temporary("mirror.https://rubygems.org/" => mirror_uri_no_auth.to_s)
--- a/spec/bundler/bundler/yaml_serializer_spec.rb
+++ b/spec/bundler/bundler/yaml_serializer_spec.rb
@ -112,10 +112,10 @@ RSpec.describe Bundler::YAMLSerializer do

    it "handles colon in key/value" do
      yaml = <<~YAML
-        BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/: http://rubygems-mirror.org
+        BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/: http://example-mirror.rubygems.org
      YAML

-      expect(serializer.load(yaml)).to eq("BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/" => "http://rubygems-mirror.org")
+      expect(serializer.load(yaml)).to eq("BUNDLE_MIRROR__HTTPS://RUBYGEMS__ORG/" => "http://example-mirror.rubygems.org")
    end

    it "handles arrays inside hashes" do