diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-03 14:39:58 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-03 14:39:58 +0300 |
commit | a0184c59f6b932034834b7b469eaf45fd121ce82 (patch) | |
tree | ebc7ec1b4424392e484f67c47f120af7f61d1dcc /app | |
parent | 468b5ccaf7a622e55549599ceb5b18220b5bf0aa (diff) |
Add latest changes from gitlab-org/security/gitlab@14-7-stable-ee
Diffstat (limited to 'app')
-rw-r--r-- | app/workers/irker_worker.rb | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/app/workers/irker_worker.rb b/app/workers/irker_worker.rb index 3097a9fbc03..4f51bb69b8c 100644 --- a/app/workers/irker_worker.rb +++ b/app/workers/irker_worker.rb @@ -2,6 +2,7 @@ require 'json' require 'socket' +require 'resolv' class IrkerWorker # rubocop:disable Scalability/IdempotentWorker include ApplicationWorker @@ -43,9 +44,18 @@ class IrkerWorker # rubocop:disable Scalability/IdempotentWorker private def start_connection(irker_server, irker_port) + ip_address = Resolv.getaddress(irker_server) + # handle IP6 addresses + domain = Resolv::IPv6::Regex.match?(ip_address) ? "[#{ip_address}]" : ip_address + begin - @socket = TCPSocket.new irker_server, irker_port - rescue Errno::ECONNREFUSED => e + Gitlab::UrlBlocker.validate!( + "irc://#{domain}", + allow_localhost: allow_local_requests?, + allow_local_network: allow_local_requests?, + schemes: ['irc']) + @socket = TCPSocket.new ip_address, irker_port + rescue Errno::ECONNREFUSED, Gitlab::UrlBlocker::BlockedUrlError => e logger.fatal "Can't connect to Irker daemon: #{e}" return false end @@ -53,6 +63,10 @@ class IrkerWorker # rubocop:disable Scalability/IdempotentWorker true end + def allow_local_requests? + Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services? + end + def send_to_irker(privmsg) to_send = { to: @channels, privmsg: privmsg } |