Do not allow localhost url redirection in GitHub Integration

author: manojmj <mmj@gitlab.com> 2019-06-27 12:14:01 +0300
committer: manojmj <mmj@gitlab.com> 2019-07-05 12:39:04 +0300
commit: c93ce836930a875452432ccc0c92733fb8adda29 (patch)
tree: a29f7f6461bfd79983cb305d9a7d89ff5ecec3b3 /lib/gitlab/octokit
parent: d1154dcd2b3b126cc4d6c3bba87c47b6669e697c (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/lib/gitlab/octokit/middleware.rb b/lib/gitlab/octokit/middleware.rb
new file mode 100644
index 00000000000..2f762957d1b
--- /dev/null
+++ b/lib/gitlab/octokit/middleware.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module Octokit
+    class Middleware
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        Gitlab::UrlBlocker.validate!(env[:url], { allow_localhost: allow_local_requests?, allow_local_network: allow_local_requests? })
+
+        @app.call(env)
+      end
+
+      private
+
+      def allow_local_requests?
+        Gitlab::CurrentSettings.allow_local_requests_from_hooks_and_services?
+      end
+    end
+  end
+end
author	manojmj <mmj@gitlab.com>	2019-06-27 12:14:01 +0300
committer	manojmj <mmj@gitlab.com>	2019-07-05 12:39:04 +0300
commit	c93ce836930a875452432ccc0c92733fb8adda29 (patch)
tree	a29f7f6461bfd79983cb305d9a7d89ff5ecec3b3 /lib/gitlab/octokit
parent	d1154dcd2b3b126cc4d6c3bba87c47b6669e697c (diff)