diff options
author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-11-26 15:01:46 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-11-26 15:01:46 +0300 |
commit | 774a7ed239a9f3ad2f31246b6d6e32dbac82b3f1 (patch) | |
tree | 8a91d0be731e763930ab2a1687e6fef081994a77 /app | |
parent | 7e789039da06ad05a0326fc248ae86a446270ea6 (diff) | |
parent | cd39502d5911bdcd0d6e4162d12e990d0f643486 (diff) |
Merge branch 'security-dns-rebind-ssrf-in-slack-notifications-12-4-ce' into '12-4-stable'
Use Gitlab::HTTP for all chat notifications
See merge request gitlab/gitlabhq!3516
Diffstat (limited to 'app')
-rw-r--r-- | app/models/project_services/chat_notification_service.rb | 7 | ||||
-rw-r--r-- | app/models/project_services/mattermost_service.rb | 2 | ||||
-rw-r--r-- | app/models/project_services/slack_service.rb | 24 |
3 files changed, 28 insertions, 5 deletions
diff --git a/app/models/project_services/chat_notification_service.rb b/app/models/project_services/chat_notification_service.rb index ecea1a5b630..b84a79453c1 100644 --- a/app/models/project_services/chat_notification_service.rb +++ b/app/models/project_services/chat_notification_service.rb @@ -113,12 +113,9 @@ class ChatNotificationService < Service private + # every notifier must implement this independently def notify(message, opts) - Slack::Notifier.new(webhook, opts).ping( - message.pretext, - attachments: message.attachments, - fallback: message.fallback - ) + raise NotImplementedError end def custom_data(data) diff --git a/app/models/project_services/mattermost_service.rb b/app/models/project_services/mattermost_service.rb index b8bc83b870e..c1055db78e5 100644 --- a/app/models/project_services/mattermost_service.rb +++ b/app/models/project_services/mattermost_service.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true class MattermostService < ChatNotificationService + include ::SlackService::Notifier + def title 'Mattermost notifications' end diff --git a/app/models/project_services/slack_service.rb b/app/models/project_services/slack_service.rb index 482808255f9..7290964f442 100644 --- a/app/models/project_services/slack_service.rb +++ b/app/models/project_services/slack_service.rb @@ -30,4 +30,28 @@ class SlackService < ChatNotificationService def webhook_placeholder 'https://hooks.slack.com/services/…' end + + module Notifier + private + + def notify(message, opts) + # See https://github.com/stevenosloan/slack-notifier#custom-http-client + notifier = Slack::Notifier.new(webhook, opts.merge(http_client: HTTPClient)) + + notifier.ping( + message.pretext, + attachments: message.attachments, + fallback: message.fallback + ) + end + + class HTTPClient + def self.post(uri, params = {}) + params.delete(:http_options) # these are internal to the client and we do not want them + Gitlab::HTTP.post(uri, body: params) + end + end + end + + include Notifier end |