diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-03 14:35:56 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-03 14:35:56 +0300 |
| commit | 33bbb6aa7b6369fea0037f3d8a9243824e48f64f (patch) | |
| tree | 18ae1428e70ddcfe1115f355ebdad6ad6f0a6e56 /lib | |
| parent | 41fd6d4d38aaef723e501ff3ab38ae63e31d4efb (diff) | |
Add latest changes from gitlab-org/security/gitlab@14-7-stable-ee
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/api/helpers/integrations_helpers.rb | 20 | ||||
| -rw-r--r-- | lib/api/package_files.rb | 4 | ||||
| -rw-r--r-- | lib/api/project_packages.rb | 2 | ||||
| -rw-r--r-- | lib/gitlab/url_blocker.rb | 8 |
4 files changed, 31 insertions, 3 deletions
diff --git a/lib/api/helpers/integrations_helpers.rb b/lib/api/helpers/integrations_helpers.rb index 3af0dd4c532..72b16a23dd6 100644 --- a/lib/api/helpers/integrations_helpers.rb +++ b/lib/api/helpers/integrations_helpers.rb @@ -197,6 +197,12 @@ module API desc: 'Bamboo root URL like https://bamboo.example.com' }, { + required: false, + name: :enable_ssl_verification, + type: Boolean, + desc: 'Enable SSL verification' + }, + { required: true, name: :build_key, type: String, @@ -368,7 +374,7 @@ module API required: false, name: :enable_ssl_verification, type: Boolean, - desc: 'Enable SSL verification for communication' + desc: 'Enable SSL verification' } ], 'emails-on-push' => [ @@ -468,6 +474,12 @@ module API desc: 'Jenkins root URL like https://jenkins.example.com' }, { + required: false, + name: :enable_ssl_verification, + type: Boolean, + desc: 'Enable SSL verification' + }, + { required: true, name: :project_name, type: String, @@ -749,6 +761,12 @@ module API desc: 'TeamCity root URL like https://teamcity.example.com' }, { + required: false, + name: :enable_ssl_verification, + type: Boolean, + desc: 'Enable SSL verification' + }, + { required: true, name: :build_type, type: String, diff --git a/lib/api/package_files.rb b/lib/api/package_files.rb index 5e421da2c55..3bf47fe1e8b 100644 --- a/lib/api/package_files.rb +++ b/lib/api/package_files.rb @@ -65,7 +65,9 @@ module API not_found! unless package_file - destroy_conditionally!(package_file) + destroy_conditionally!(package_file) do |package_file| + package_file.pending_destruction! + end end end end diff --git a/lib/api/project_packages.rb b/lib/api/project_packages.rb index 54c0a0628a7..c997afea865 100644 --- a/lib/api/project_packages.rb +++ b/lib/api/project_packages.rb @@ -71,7 +71,7 @@ module API .new(user_project, params[:package_id]).execute destroy_conditionally!(package) do |package| - ::Packages::DestroyPackageService.new(container: package, current_user: current_user).execute + ::Packages::MarkPackageForDestructionService.new(container: package, current_user: current_user).execute end end end diff --git a/lib/gitlab/url_blocker.rb b/lib/gitlab/url_blocker.rb index f092e03046a..48228ede684 100644 --- a/lib/gitlab/url_blocker.rb +++ b/lib/gitlab/url_blocker.rb @@ -148,9 +148,17 @@ module Gitlab unless allow_local_network validate_local_network(address_info) validate_link_local(address_info) + validate_shared_address(address_info) end end + def validate_shared_address(addrs_info) + netmask = IPAddr.new('100.64.0.0/10') + return unless addrs_info.any? { |addr| netmask.include?(addr.ip_address) } + + raise BlockedUrlError, "Requests to the shared address space are not allowed" + end + def get_port(uri) uri.port || uri.default_port end |