Properly handle multiple X-Forwarded-For addresses in runner IP

https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/24624 extracted the X-Forwarded-For address directly, but this didn't consider the case where multiple proxies are in the chain. To fix this, we use the Rails implementation to filter trusted proxies, as documented by Grape: https://github.com/ruby-grape/grape#remote-ip Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/58103

Properly handle multiple X-Forwarded-For addresses in runner IP
d03b7bb1 · Stan Hu · c44c83c4 · d03b7bb1 · d03b7bb1 · d03b7bb1
Commit d03b7bb1 authored 6 years ago by Stan Hu
--- a/changelogs/unreleased/sh-fix-issue-58103.yml
+++ b/changelogs/unreleased/sh-fix-issue-58103.yml
+---
+title: Properly handle multiple X-Forwarded-For addresses in runner IP
+merge_request: 25511
+author:
+type: fixed
--- a/lib/api/helpers/runner.rb
+++ b/lib/api/helpers/runner.rb
@@ -26,7 +26,7 @@ module API
      end
  
      def get_runner_ip
-        { ip_address: request.env["HTTP_X_FORWARDED_FOR"] || request.ip }
+        { ip_address: env["action_dispatch.remote_ip"].to_s || request.ip }
      end
  
      def current_runner

--- a/spec/requests/api/runner_spec.rb
+++ b/spec/requests/api/runner_spec.rb
@@ -526,6 +526,15 @@ describe API::Runner, :clean_gitlab_redis_shared_state do
            expect(runner.reload.ip_address).to eq('123.222.123.222')
          end
  
+          it "handles multiple X-Forwarded-For addresses" do
+            post api('/jobs/request'),
+              params: { token: runner.token },
+              headers: { 'User-Agent' => user_agent, 'X-Forwarded-For' => '123.222.123.222, 127.0.0.1' }
+
+            expect(response).to have_gitlab_http_status 201
+            expect(runner.reload.ip_address).to eq('123.222.123.222')
+          end
+
          context 'when concurrently updating a job' do
            before do
              expect_any_instance_of(Ci::Build).to receive(:run!)