diff options
author | Clement Ho <clemmakesapps@gmail.com> | 2018-12-08 06:02:18 +0300 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2018-12-17 18:11:36 +0300 |
commit | 9ac854a7a1155292a74de432cba57dafa969e1d8 (patch) | |
tree | 6f5ef2e434619d2f2df91b487b828737f364101d /lib | |
parent | d5d663ef5c3a2f6ac4fb691ab9c9a5c8de21e427 (diff) |
Merge branch 'ce-jej/group-saml-sso-button-link-description' into 'master'
[CE] Backport SAML unlink changes: UrlBlocker#ascii_only
See merge request gitlab-org/gitlab-ce!23627
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/url_blocker.rb | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/gitlab/url_blocker.rb b/lib/gitlab/url_blocker.rb index b8040f73cee..44c71f8431d 100644 --- a/lib/gitlab/url_blocker.rb +++ b/lib/gitlab/url_blocker.rb @@ -8,7 +8,7 @@ module Gitlab BlockedUrlError = Class.new(StandardError) class << self - def validate!(url, allow_localhost: false, allow_local_network: true, enforce_user: false, ports: [], protocols: []) + def validate!(url, ports: [], protocols: [], allow_localhost: false, allow_local_network: true, ascii_only: false, enforce_user: false) return true if url.nil? # Param url can be a string, URI or Addressable::URI @@ -22,6 +22,7 @@ module Gitlab validate_port!(port, ports) if ports.any? validate_user!(uri.user) if enforce_user validate_hostname!(uri.hostname) + validate_unicode_restriction!(uri) if ascii_only begin addrs_info = Addrinfo.getaddrinfo(uri.hostname, port, nil, :STREAM).map do |addr| @@ -91,6 +92,12 @@ module Gitlab raise BlockedUrlError, "Hostname or IP address invalid" end + def validate_unicode_restriction!(uri) + return if uri.to_s.ascii_only? + + raise BlockedUrlError, "URI must be ascii only #{uri.to_s.dump}" + end + def validate_localhost!(addrs_info) local_ips = ["::", "0.0.0.0"] local_ips.concat(Socket.ip_address_list.map(&:ip_address)) |