SECURITY: Expand and improve SSRF Protections (#18815)

See https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr

Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>

spec/models/remote_theme_spec.rb

@@ -49,20 +49,29 @@ RSpec.describe RemoteTheme do
       )
     end
 
+    let :initial_repo_url do
+      MockGitImporter.register("https://example.com/initial_repo.git", initial_repo)
+    end
+
     after do
       `rm -fr #{initial_repo}`
     end
 
-    it 'can correctly import a remote theme' do
+    around(:each) do |group|
+      MockGitImporter.with_mock do
+        group.run
+      end
+    end
 
+    it 'can correctly import a remote theme' do
       time = Time.new('2000')
       freeze_time time
 
-      @theme = RemoteTheme.import_theme(initial_repo)
+      @theme = RemoteTheme.import_theme(initial_repo_url)
       remote = @theme.remote_theme
 
       expect(@theme.name).to eq('awesome theme')
-      expect(remote.remote_url).to eq(initial_repo)
+      expect(remote.remote_url).to eq(initial_repo_url)
       expect(remote.remote_version).to eq(`cd #{initial_repo} && git rev-parse HEAD`.strip)
       expect(remote.local_version).to eq(`cd #{initial_repo} && git rev-parse HEAD`.strip)
 
@@ -160,12 +169,12 @@ RSpec.describe RemoteTheme do
     end
 
     it "can update themes with overwritten history" do
-      theme = RemoteTheme.import_theme(initial_repo)
+      theme = RemoteTheme.import_theme(initial_repo_url)
       remote = theme.remote_theme
 
       old_version = `cd #{initial_repo} && git rev-parse HEAD`.strip
       expect(theme.name).to eq('awesome theme')
-      expect(remote.remote_url).to eq(initial_repo)
+      expect(remote.remote_url).to eq(initial_repo_url)
       expect(remote.local_version).to eq(old_version)
       expect(remote.remote_version).to eq(old_version)