diff options
author | Rubén Dávila <ruben@gitlab.com> | 2017-03-18 20:56:05 +0300 |
---|---|---|
committer | DJ Mountney <david@twkie.net> | 2017-03-21 04:53:45 +0300 |
commit | 83a0c39808b132e8759d75cc774e0724f56b17ab (patch) | |
tree | b47b99a8cb17322a2e8ab3a22fa75d6c48fc491f /lib/gitlab/url_blocker.rb | |
parent | 65aafb9917fb8fd4d26ca096681ca29a9a6ddda2 (diff) |
Merge branch 'ssrf' into 'security'
nil check for url_blocker?
See merge request !2076
Diffstat (limited to 'lib/gitlab/url_blocker.rb')
-rw-r--r-- | lib/gitlab/url_blocker.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/gitlab/url_blocker.rb b/lib/gitlab/url_blocker.rb index bb2f4edc1a0..7e14a566696 100644 --- a/lib/gitlab/url_blocker.rb +++ b/lib/gitlab/url_blocker.rb @@ -8,6 +8,8 @@ module Gitlab VALID_PORTS = [22, 80, 443].freeze def blocked_url?(url) + return false if url.nil? + blocked_ips = ["127.0.0.1", "::1", "0.0.0.0"] blocked_ips.concat(Socket.ip_address_list.map(&:ip_address)) |