From 215feb642de94485d7644a532b6a9982d964d539 Mon Sep 17 00:00:00 2001
From: Stan Hu
Date: Fri, 28 Sep 2018 21:51:02 -0400
Subject: Prevent SSRF attacks in HipChat integration

This change monkey patches the HipChat client to use the GitLab HTTParty connection adapter, which can block access to certain hosts.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/51142
---
 config/initializers/hipchat_client_patch.rb | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 config/initializers/hipchat_client_patch.rb

(limited to 'config')

diff --git a/config/initializers/hipchat_client_patch.rb b/config/initializers/hipchat_client_patch.rb
new file mode 100644
index 00000000000..aec265312bb
--- /dev/null
+++ b/config/initializers/hipchat_client_patch.rb
@@ -0,0 +1,14 @@
+# This monkey patches the HTTParty used in https://github.com/hipchat/hipchat-rb.
+module HipChat
+ class Client
+ connection_adapter ::Gitlab::ProxyHTTPConnectionAdapter
+ end
+
+ class Room
+ connection_adapter ::Gitlab::ProxyHTTPConnectionAdapter
+ end
+
+ class User
+ connection_adapter ::Gitlab::ProxyHTTPConnectionAdapter
+ end
+end
--
cgit v1.2.3
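Review bot: The reopened `class Client` / `class Room` / `class User` bodies in the new initializer depend on the hipchat gem already being loaded when this file runs; if load order ever changes so that it is not, `class Client` would define a fresh class under `HipChat` and the `connection_adapter` call would fail with NoMethodError rather than on the gem's own class. Calling the method on the existing constant makes that dependency explicit: add `require 'hipchat'` at the top and replace each reopening with a one-liner such as `HipChat::Client.connection_adapter ::Gitlab::ProxyHTTPConnectionAdapter` (likewise for Room and User). The header comment says what is patched but not why; I would extend it to state that the adapter is what enforces the host restrictions mentioned in the commit message, so the next maintainer knows all three HTTParty-using classes must stay covered. A spec asserting that each of the three classes' `connection_adapter` is `::Gitlab::ProxyHTTPConnectionAdapter` would catch a future gem upgrade that adds or renames a class making outbound requests.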