author | Robert Speicher <rspeicher@gmail.com> | 2019-07-29 21:19:50 +0300 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2019-07-29 21:19:50 +0300 |
commit | fe22704a203111ab2146143a4ff9d2e1256aecc7 (patch) | |
tree | 1bafbd0bdfbd498220cef09c94eb71bf4f9e072f /lib/gitlab/url_blocker.rb | |
parent | f039d592aa6203502be487801777167e433ad9d2 (diff) | |
parent | cc7b15fe935d41aab85918eb7ae7c0ef81f8bfb0 (diff) |
Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq
Diffstat (limited to 'lib/gitlab/url_blocker.rb')
-rw-r--r-- | lib/gitlab/url_blocker.rb | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/lib/gitlab/url_blocker.rb b/lib/gitlab/url_blocker.rb
index eab6762cab7..aac96377152 100644
--- a/lib/gitlab/url_blocker.rb
+++ b/lib/gitlab/url_blocker.rb
@@ -86,8 +86,11 @@ module Gitlab
 #
 # The original hostname is used to validate the SSL, given in that scenario
 # we'll be making the request to the IP address, instead of using the hostname.
- def enforce_uri_hostname(ip_address, uri, hostname, dns_rebind_protection)
- return [uri, nil] unless dns_rebind_protection && ip_address && ip_address != hostname
+ def enforce_uri_hostname(addrs_info, uri, hostname, dns_rebind_protection)
+ address = addrs_info.first
+ ip_address = address.ip_address
+
+ return [uri, nil] unless dns_rebind_protection && ip_address != hostname
 uri = uri.dup
 uri.hostname = ip_address
@@ -115,6 +118,15 @@ module Gitlab
 addr.ipv6_v4mapped? ? addr.ipv6_to_ipv4 : addr
 end
 rescue SocketError
+ # In the test suite we use a lot of mocked urls that are either invalid or
+ # don't exist. In order to avoid modifying a ton of tests and factories
+ # we allow invalid urls unless the environment variable RSPEC_ALLOW_INVALID_URLS
+ # is not true
+ return if Rails.env.test? && ENV['RSPEC_ALLOW_INVALID_URLS'] == 'true'
+
+ # If the addr can't be resolved or the url is invalid (i.e http://1.1.1.1.1)
+ # we block the url
+ raise BlockedUrlError, "Host cannot be resolved or invalid"
 end
 def validate_local_request( |
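Review bot: `addrs_info.first` and `address.ip_address` in `enforce_uri_hostname` are dereferenced before any nil check, whereas the removed guard tolerated a missing address through `ip_address &&`. The `rescue SocketError` branch changed in the second hunk can `return` nil in the test environment, so unless the caller (not visible here) returns early on a nil result, this raises NoMethodError instead of handing back the untouched URI. Keeping the method nil-safe costs two lines: `ip_address = addrs_info&.first&.ip_address` and `return [uri, nil] unless dns_rebind_protection && ip_address && ip_address != hostname`. A one-line comment that the request is pinned to the first resolved address only would also help readers of the DNS-rebinding logic; the method body continues past the hunk.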
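Review bot: The comment above the test-only bypass in the `rescue SocketError` branch is a double negative ("we allow invalid urls unless ... RSPEC_ALLOW_INVALID_URLS is not true"), which is easy to misread on the one path that decides whether an unresolvable host is blocked. State the condition directly, for example `# Skip the check only in the test environment when RSPEC_ALLOW_INVALID_URLS is 'true'; everywhere else an unresolvable host is blocked.` The comment should also say that the bare `return` yields nil, so callers must treat nil as "no address was validated" rather than as a validated result; those callers and the start of the enclosing method are outside this hunk.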