From 83abc24ba86a7de2ceb69c12caf5f49e2d6f0db6 Mon Sep 17 00:00:00 2001
From: RahulGautamSingh <rahultesnik@gmail.com>
Date: Tue, 13 Feb 2024 19:43:51 +0545
Subject: [PATCH] fix(config-validator): unset `GlobalConfig` class issue
 (#27261)

---
 lib/config/validation.spec.ts | 70 +++++++++++++++++++++++++++++++++++
 lib/config/validation.ts      |  4 +-
 2 files changed, 73 insertions(+), 1 deletion(-)

diff --git a/lib/config/validation.spec.ts b/lib/config/validation.spec.ts
index 7798ceaebb..b3d006ce6b 100644
--- a/lib/config/validation.spec.ts
+++ b/lib/config/validation.spec.ts
@@ -1075,5 +1075,75 @@ describe('config/validation', () => {
         },
       ]);
     });
+
+    it('errors if allowedHeaders is empty or not defined', async () => {
+      GlobalConfig.set({});
+
+      const config = {
+        hostRules: [
+          {
+            matchHost: 'https://domain.com/all-versions',
+            headers: {
+              'X-Auth-Token': 'token',
+            },
+          },
+        ],
+      };
+      const { warnings, errors } = await configValidation.validateConfig(
+        false,
+        config,
+      );
+      expect(warnings).toHaveLength(0);
+      expect(errors).toMatchObject([
+        {
+          message:
+            "hostRules header `X-Auth-Token` is not allowed by this bot's `allowedHeaders`.",
+          topic: 'Configuration Error',
+        },
+      ]);
+    });
+  });
+
+  describe('validateConfig() -> globaOnly options', () => {
+    it('validates hostRules.headers', async () => {
+      const config = {
+        hostRules: [
+          {
+            matchHost: 'https://domain.com/all-versions',
+            headers: {
+              'X-Auth-Token': 'token',
+            },
+          },
+        ],
+        allowedHeaders: ['X-Auth-Token'],
+      };
+      const { warnings, errors } = await configValidation.validateConfig(
+        true,
+        config,
+      );
+      expect(warnings).toHaveLength(0);
+      expect(errors).toHaveLength(0);
+    });
+
+    it('errors if hostRules.headers is defined but allowedHeaders is not', async () => {
+      const config = {
+        hostRules: [
+          {
+            matchHost: 'https://domain.com/all-versions',
+            headers: {
+              'X-Auth-Token': 'token',
+            },
+          },
+        ],
+      };
+      const { errors } = await configValidation.validateConfig(true, config);
+      expect(errors).toMatchObject([
+        {
+          message:
+            "hostRules header `X-Auth-Token` is not allowed by this bot's `allowedHeaders`.",
+          topic: 'Configuration Error',
+        },
+      ]);
+    });
   });
 });
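Review bot: The two cases in the new `validateConfig() -> globaOnly options` describe do not pin the `GlobalConfig` state they start from, so the passing case `validates hostRules.headers` would also pass without the fix if an earlier test had left `allowedHeaders: ['X-Auth-Token']` in `GlobalConfig`. Resetting at the top of the describe, for example `beforeEach(() => { GlobalConfig.reset(); });`, makes that case prove the allowlist is read from the config under validation. The describe title has a typo and should read `globalOnly`. A further case where `allowedHeaders` is present but does not list the header, or is not an array of strings, would cover the path where an allowlist is supplied and must still reject.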
diff --git a/lib/config/validation.ts b/lib/config/validation.ts
index f1d0a36ca8..240f9a0403 100644
--- a/lib/config/validation.ts
+++ b/lib/config/validation.ts
@@ -710,7 +710,9 @@ export async function validateConfig(
     }
 
     if (key === 'hostRules' && is.array(val)) {
-      const allowedHeaders = GlobalConfig.get('allowedHeaders', []);
+      const allowedHeaders = isGlobalConfig
+        ? (config.allowedHeaders as string[]) ?? []
+        : GlobalConfig.get('allowedHeaders', []);
       for (const rule of val as HostRule[]) {
         if (!rule.headers) {
           continue;
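Review bot: The cast `(config.allowedHeaders as string[])` on the `isGlobalConfig` branch trusts the shape of a value that this same function is still validating, so a non-array `allowedHeaders` (a single string, say) reaches the header check as if it were a list. Since this allowlist decides which `hostRules` headers the bot accepts, a malformed value should fall back to the empty list rather than be passed through: `? (is.array(config.allowedHeaders, is.string) ? config.allowedHeaders : [])`. How the list is matched against each header is outside the hunk, so the effect of a wrong type there cannot be judged from here. The `for` loop body continues past the last line shown.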
-- 
GitLab