diff options
| author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-11-26 15:02:01 +0300 |
|---|---|---|
| committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-11-26 15:02:01 +0300 |
| commit | 96d91c7885ec9cbaadf7f6ebd095f6e2b77941aa (patch) | |
| tree | 9609ec0c19a4ac06bd3db3d8a9ab10c6e5cafc22 /app | |
| parent | 26540c9180f5e4f9317dae1bf8bc1b6be2f7f490 (diff) | |
| parent | 8b819da931c86e29c93208527949b62a46da7c02 (diff) | |
Merge branch 'security-dns-rebind-ssrf-in-slack-notifications-12-5-ce' into '12-5-stable'
Use Gitlab::HTTP for all chat notifications
See merge request gitlab/gitlabhq!3544
Diffstat (limited to 'app')
| -rw-r--r-- | app/models/project_services/chat_notification_service.rb | 7 | ||||
| -rw-r--r-- | app/models/project_services/mattermost_service.rb | 2 | ||||
| -rw-r--r-- | app/models/project_services/slack_service.rb | 24 |
3 files changed, 28 insertions, 5 deletions
diff --git a/app/models/project_services/chat_notification_service.rb b/app/models/project_services/chat_notification_service.rb index ecea1a5b630..b84a79453c1 100644 --- a/app/models/project_services/chat_notification_service.rb +++ b/app/models/project_services/chat_notification_service.rb @@ -113,12 +113,9 @@ class ChatNotificationService < Service private + # every notifier must implement this independently def notify(message, opts) - Slack::Notifier.new(webhook, opts).ping( - message.pretext, - attachments: message.attachments, - fallback: message.fallback - ) + raise NotImplementedError end def custom_data(data) diff --git a/app/models/project_services/mattermost_service.rb b/app/models/project_services/mattermost_service.rb index b8bc83b870e..c1055db78e5 100644 --- a/app/models/project_services/mattermost_service.rb +++ b/app/models/project_services/mattermost_service.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true class MattermostService < ChatNotificationService + include ::SlackService::Notifier + def title 'Mattermost notifications' end diff --git a/app/models/project_services/slack_service.rb b/app/models/project_services/slack_service.rb index 482808255f9..7290964f442 100644 --- a/app/models/project_services/slack_service.rb +++ b/app/models/project_services/slack_service.rb @@ -30,4 +30,28 @@ class SlackService < ChatNotificationService def webhook_placeholder 'https://hooks.slack.com/services/…' end + + module Notifier + private + + def notify(message, opts) + # See https://github.com/stevenosloan/slack-notifier#custom-http-client + notifier = Slack::Notifier.new(webhook, opts.merge(http_client: HTTPClient)) + + notifier.ping( + message.pretext, + attachments: message.attachments, + fallback: message.fallback + ) + end + + class HTTPClient + def self.post(uri, params = {}) + params.delete(:http_options) # these are internal to the client and we do not want them + Gitlab::HTTP.post(uri, body: params) + end + end + end + + include Notifier end |