diff options
author | Felipe Artur <felipefac@gmail.com> | 2019-07-16 22:49:47 +0300 |
---|---|---|
committer | Felipe Artur <felipefac@gmail.com> | 2019-08-08 16:24:43 +0300 |
commit | 492a7e753d0ef06458163aecc5ca43892a5acc73 (patch) | |
tree | 7af058671bea12ada48cef67ce2346d112d7e417 /app/models/project_services | |
parent | 1dfbb27f6e8d01023564eededff2a0ba1a04badc (diff) |
Fix DNS rebind vulnerability for JIRA integration
Uses Gitlab::HTTP for JIRA requests instead of Net::Http.
Gitlab::Http comes with some built in SSRF protections.
Diffstat (limited to 'app/models/project_services')
-rw-r--r-- | app/models/project_services/jira_service.rb | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/app/models/project_services/jira_service.rb b/app/models/project_services/jira_service.rb index d08fcd8954d..0728c83005e 100644 --- a/app/models/project_services/jira_service.rb +++ b/app/models/project_services/jira_service.rb @@ -64,7 +64,12 @@ class JiraService < IssueTrackerService end def client - @client ||= JIRA::Client.new(options) + @client ||= begin + JIRA::Client.new(options).tap do |client| + # Replaces JIRA default http client with our implementation + client.request_client = Gitlab::Jira::HttpClient.new(client.options) + end + end end def help |