diff options
author | Douwe Maan <douwe@gitlab.com> | 2018-03-14 01:38:25 +0300 |
---|---|---|
committer | Mark Fletcher <mark@gitlab.com> | 2018-03-21 17:39:21 +0300 |
commit | 95ced3bb5fa52e166aa03ee592f63180601cbde7 (patch) | |
tree | 8e75e6ccf9a443ba004b11891b84518fd7cfe884 /db | |
parent | 30c480c2b3f4709f592d8b095f8653df940f6845 (diff) |
Merge branch 'fj-15329-services-callbacks-ssrf' into 'security-10-6'
Server Side Request Forgery in Services and Web Hooks
See merge request gitlab/gitlabhq!2337
Diffstat (limited to 'db')
-rw-r--r-- | db/migrate/20180223144945_add_allow_local_requests_from_hooks_and_services_to_application_settings.rb | 18 | ||||
-rw-r--r-- | db/schema.rb | 1 |
2 files changed, 19 insertions, 0 deletions
diff --git a/db/migrate/20180223144945_add_allow_local_requests_from_hooks_and_services_to_application_settings.rb b/db/migrate/20180223144945_add_allow_local_requests_from_hooks_and_services_to_application_settings.rb new file mode 100644 index 00000000000..c994a54698b --- /dev/null +++ b/db/migrate/20180223144945_add_allow_local_requests_from_hooks_and_services_to_application_settings.rb @@ -0,0 +1,18 @@ +class AddAllowLocalRequestsFromHooksAndServicesToApplicationSettings < ActiveRecord::Migration + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + + disable_ddl_transaction! + + def up + add_column_with_default(:application_settings, :allow_local_requests_from_hooks_and_services, + :boolean, + default: false, + allow_null: false) + end + + def down + remove_column(:application_settings, :allow_local_requests_from_hooks_and_services) + end +end diff --git a/db/schema.rb b/db/schema.rb index 3ff1a8754e2..83bda7ab17c 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -157,6 +157,7 @@ ActiveRecord::Schema.define(version: 20180309160427) do t.boolean "authorized_keys_enabled", default: true, null: false t.string "auto_devops_domain" t.boolean "pages_domain_verification_enabled", default: true, null: false + t.boolean "allow_local_requests_from_hooks_and_services", default: false, null: false end create_table "audit_events", force: :cascade do |t| |