author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-03-18 03:07:43 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-03-18 03:07:43 +0300 |
commit | 8a55899cab04afa065fc681b42da746c93de7bfe (patch) | |
tree | 2b99a3340edf639216b46904a34867e7226d9c6a /lib/gitlab/url_blocker.rb | |
parent | 93003eb1155fdc2ce078fa03c74d7f15e83a80de (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/url_blocker.rb')
-rw-r--r-- | lib/gitlab/url_blocker.rb | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/lib/gitlab/url_blocker.rb b/lib/gitlab/url_blocker.rb
index 60c002853b1..fe8c2227659 100644
--- a/lib/gitlab/url_blocker.rb
+++ b/lib/gitlab/url_blocker.rb
@@ -153,6 +153,7 @@ module Gitlab
 validate_local_network(address_info)
 validate_link_local(address_info)
 validate_shared_address(address_info)
+ validate_limited_broadcast_address(address_info)
 end
 end
@@ -257,6 +258,17 @@ module Gitlab
 raise BlockedUrlError, "Requests to the link local network are not allowed"
 end
+ # Raises a BlockedUrlError if any IP in `addrs_info` is the limited
+ # broadcast address.
+ # https://datatracker.ietf.org/doc/html/rfc919#section-7
+ def validate_limited_broadcast_address(addrs_info)
+ blocked_ips = ["255.255.255.255"]
+
+ return if (blocked_ips & addrs_info.map(&:ip_address)).empty?
+
+ raise BlockedUrlError, "Requests to the limited broadcast address are not allowed"
+ end
+
 def internal?(uri)
 internal_web?(uri) || internal_shell?(uri)
 end |
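Review bot: The comparison in `validate_limited_broadcast_address` matches only the exact string `"255.255.255.255"`, so an `Addrinfo` whose `ip_address` renders the same address in another form, for example as an IPv4-mapped IPv6 address, would not intersect with `blocked_ips` and would pass this check. Whether such a value can reach this method, or is already rejected by the validators called before it, is not visible from the hunk. Normalising before the comparison would make the check independent of the textual form: `ips = addrs_info.map { |a| (a.ipv6_to_ipv4 || a).ip_address }` followed by `return if (blocked_ips & ips).empty?`. As a smaller point, the literal array could live in a frozen constant instead of being rebuilt on every call.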