diff options
author | Douwe Maan <douwe@gitlab.com> | 2018-03-14 01:38:25 +0300 |
---|---|---|
committer | Mark Fletcher <mark@gitlab.com> | 2018-03-21 17:39:21 +0300 |
commit | 95ced3bb5fa52e166aa03ee592f63180601cbde7 (patch) | |
tree | 8e75e6ccf9a443ba004b11891b84518fd7cfe884 /lib/gitlab/http.rb | |
parent | 30c480c2b3f4709f592d8b095f8653df940f6845 (diff) |
Merge branch 'fj-15329-services-callbacks-ssrf' into 'security-10-6'
Server Side Request Forgery in Services and Web Hooks
See merge request gitlab/gitlabhq!2337
Diffstat (limited to 'lib/gitlab/http.rb')
-rw-r--r-- | lib/gitlab/http.rb | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/gitlab/http.rb b/lib/gitlab/http.rb new file mode 100644 index 00000000000..96558872a37 --- /dev/null +++ b/lib/gitlab/http.rb @@ -0,0 +1,11 @@ +# This class is used as a proxy for all outbounding http connection +# coming from callbacks, services and hooks. The direct use of the HTTParty +# is discouraged because it can lead to several security problems, like SSRF +# calling internal IP or services. +module Gitlab + class HTTP + include HTTParty # rubocop:disable Gitlab/HTTParty + + connection_adapter ProxyHTTPConnectionAdapter + end +end |