
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Age | Commit message | Author

2019-07-24 | [ADD] outbound requests whitelist | Reuben Pereira
    Signed-off-by: Istvan szalai <istvan.szalai@savoirfairelinux.com>

2019-07-12 | Don't use bang method when there is no safe method | Reuben Pereira
    https://github.com/rubocop-hq/ruby-style-guide#dangerous-method-bang

2019-05-30 | Add DNS rebinding protection settings | Oswaldo Ferreira

2019-05-30 | Protect Gitlab::HTTP against DNS rebinding attack | Douwe Maan
    Gitlab::HTTP now resolves the hostname only once, verifies the IP is not blocked, and then uses the same IP to perform the actual request, while passing the original hostname in the `Host` header and SSL SNI field.

2019-04-11 | Align UrlValidator to validate_url gem implementation. | Thong Kuah
    Renamed UrlValidator to AddressableUrlValidator to avoid 'url:' naming collision with ActiveModel::Validations::UrlValidator in 'validates' statement. Make use of the options attribute of the parent class ActiveModel::EachValidator. Add more options: allow_nil, allow_blank, message. Renamed 'protocols' option to 'schemes' to match the option naming from UrlValidator.

2018-12-06 | Allow URLs to be validated as ascii_only | James Edwards-Jones
    Restricts unicode characters and IDNA deviations which could be used in a phishing attack

2018-11-29 | Merge branch 'security-11-5-fix-webhook-ssrf-ipv6' into 'security-11-5' | Steve Azzopardi
    [11.5] Fix SSRF in project integrations
    See merge request gitlab/gitlabhq!2611

2018-11-29 | Merge branch 'security-stored-xss-for-environments' into 'master' | Cindy Pallares
    [master] Stored XSS for Environments
    Closes #2727
    See merge request gitlab/gitlabhq!2594

2018-09-06 | Block loopback addresses in UrlBlocker | Stan Hu
    Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/51128

2018-08-13 | Block link-local addresses in URLBlocker | Stan Hu
    Closes https://gitlab.com/gitlab-com/migration/issues/766

2018-06-11 | Avoid checking the user format in every url validation | Francisco Javier López

2018-06-01 | Add validation to webhook and service URLs to ensure they are not blocked because of SSRF | Francisco Javier López

2018-04-02 | Rename allow_private_networks to allow_local_network | Douwe Maan

2018-03-21 | Merge branch 'fj-15329-services-callbacks-ssrf' into 'security-10-6' | Douwe Maan
    Server Side Request Forgery in Services and Web Hooks
    See merge request gitlab/gitlabhq!2337

2017-11-09 | Merge branch 'ssrf-protections-round-2' into 'security-10-1' | Douwe Maan
    Replace SSRF resolver with Addrinfo.getaddrinfo to include alternative localhost versions
    See merge request gitlab/gitlabhq!2219
    (cherry picked from commit 4a1e73783d5480aa514db7b53e10c075f95580b5)
    1bffa0c3 Replace SSRF resolver with Addrinfo.getaddrinfo to include alternative localhost versions

2017-08-10 | Merge branch 'rs-alphanumeric-ssh-params' into 'security-9-4' | James Edwards-Jones
    Ensure user and hostnames begin with an alnum character in UrlBlocker
    See merge request !2138

2017-07-27 | Remove superfluous lib: true, type: redis, service: true, models: true, services: true, no_db: true, api: true | Rémy Coutable
    Signed-off-by: Rémy Coutable <remy@rymai.me>

2017-03-21 | Merge branch 'ssrf' into 'security' | Douwe Maan
    Protect server against SSRF in project import URLs
    See merge request !2068