diff options
Diffstat (limited to 'lib/gitlab/url_blockers')
-rw-r--r-- | lib/gitlab/url_blockers/url_whitelist.rb | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/lib/gitlab/url_blockers/url_whitelist.rb b/lib/gitlab/url_blockers/url_whitelist.rb new file mode 100644 index 00000000000..a0cfcbc49a3 --- /dev/null +++ b/lib/gitlab/url_blockers/url_whitelist.rb @@ -0,0 +1,42 @@ +# frozen_string_literal: true + +module Gitlab + module UrlBlockers + class UrlWhitelist + class << self + def ip_whitelisted?(ip_string) + return false if ip_string.blank? + + ip_whitelist, _ = outbound_local_requests_whitelist_arrays + ip_obj = Gitlab::Utils.string_to_ip_object(ip_string) + + ip_whitelist.any? { |ip| ip.include?(ip_obj) } + end + + def domain_whitelisted?(domain_string) + return false if domain_string.blank? + + _, domain_whitelist = outbound_local_requests_whitelist_arrays + + domain_whitelist.include?(domain_string) + end + + private + + attr_reader :ip_whitelist, :domain_whitelist + + # We cannot use Gitlab::CurrentSettings as ApplicationSetting itself + # calls this class. This ends up in a cycle where + # Gitlab::CurrentSettings creates an ApplicationSetting which then + # calls this method. + # + # See https://gitlab.com/gitlab-org/gitlab-ee/issues/9833 + def outbound_local_requests_whitelist_arrays + return [[], []] unless ApplicationSetting.current + + ApplicationSetting.current.outbound_local_requests_whitelist_arrays + end + end + end + end +end |