From d6a7408fd319749b9cd47690f03720d1a5c088ca Mon Sep 17 00:00:00 2001
From: Thong Kuah <tkuah@gitlab.com>
Date: Wed, 24 Jul 2019 22:39:40 +1200
Subject: Explicitly reject non http(s) schemes

Rather than relying on NoMethodError deep inside faraday
---
 lib/container_registry/client.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'lib/container_registry')

diff --git a/lib/container_registry/client.rb b/lib/container_registry/client.rb
index c3a19af7a94..82810ea4076 100644
--- a/lib/container_registry/client.rb
+++ b/lib/container_registry/client.rb
@@ -82,7 +82,10 @@ module ContainerRegistry
     def redirect_response(location)
       return unless location
 
-      faraday_redirect.get(location)
+      uri = URI(@base_uri).merge(location)
+      raise ArgumentError, "Invalid scheme for #{location}" unless %w[http https].include?(uri.scheme)
+
+      faraday_redirect.get(uri)
     end
 
     def faraday
-- 
cgit v1.2.3