From adad442735ba71ef6dca27590c3dc48552fb1a47 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Tue, 4 Oct 2022 08:46:17 -0700
Subject: [PATCH] Exclude loopback and link local addresses from Google CDN use

Addresses such as 127.0.0.1 and 169.254.0.0 should be excluded when
deciding to use the Google CDN.

This wasn't being used in practice, but for completeness we should
exclude these addresses.

Changelog: changed
---
 app/uploaders/object_storage/cdn/google_cdn.rb       | 2 +-
 spec/uploaders/object_storage/cdn/google_cdn_spec.rb | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/uploaders/object_storage/cdn/google_cdn.rb b/app/uploaders/object_storage/cdn/google_cdn.rb
index ea7683f131cf..c6d28b2e9817 100644
--- a/app/uploaders/object_storage/cdn/google_cdn.rb
+++ b/app/uploaders/object_storage/cdn/google_cdn.rb
@@ -19,7 +19,7 @@ def use_cdn?(request_ip)
 
         ip = IPAddr.new(request_ip)
 
-        return false if ip.private?
+        return false if ip.private? || ip.link_local? || ip.loopback?
 
         !GoogleIpCache.google_ip?(request_ip)
       end
diff --git a/spec/uploaders/object_storage/cdn/google_cdn_spec.rb b/spec/uploaders/object_storage/cdn/google_cdn_spec.rb
index b72f6d66d699..69e4900b8f7a 100644
--- a/spec/uploaders/object_storage/cdn/google_cdn_spec.rb
+++ b/spec/uploaders/object_storage/cdn/google_cdn_spec.rb
@@ -30,6 +30,8 @@
       '2600:1900:4180:0000:0000:0000:0000:0000' | false
       '10.10.1.5'                               | false
       'fc00:0000:0000:0000:0000:0000:0000:0000' | false
+      '127.0.0.1'                               | false
+      '169.254.0.0'                             | false
     end
 
     with_them do
-- 
GitLab