blob: 37f618ae879106f7f0750a918dd2fc13f4ab2238 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
# frozen_string_literal: true
# This class is part of the Gitlab::HTTP wrapper. Depending on the value
# of the global setting allow_local_requests_from_web_hooks_and_services this adapter
# will allow/block connection to internal IPs and/or urls.
#
# This functionality can be overridden by providing the setting the option
# allow_local_requests = true in the request. For example:
# Gitlab::HTTP.get('http://www.gitlab.com', allow_local_requests: true)
#
# This option will take precedence over the global setting.
module Gitlab
class HTTPConnectionAdapter < HTTParty::ConnectionAdapter
extend ::Gitlab::Utils::Override
override :connection
def connection
@uri, hostname = validate_url!(uri)
if options.key?(:http_proxyaddr)
proxy_uri_with_port = uri_with_port(options[:http_proxyaddr], options[:http_proxyport])
proxy_uri_validated = validate_url!(proxy_uri_with_port).first
@options[:http_proxyaddr] = proxy_uri_validated.omit(:port).to_s
@options[:http_proxyport] = proxy_uri_validated.port
end
super.tap do |http|
http.hostname_override = hostname if hostname
end
end
private
def validate_url!(url)
Gitlab::UrlBlocker.validate!(url, allow_local_network: allow_local_requests?,
allow_localhost: allow_local_requests?,
dns_rebind_protection: dns_rebind_protection?)
rescue Gitlab::UrlBlocker::BlockedUrlError => e
raise Gitlab::HTTP::BlockedUrlError, "URL '#{url}' is blocked: #{e.message}"
end
def allow_local_requests?
options.fetch(:allow_local_requests, allow_settings_local_requests?)
end
def dns_rebind_protection?
return false if Gitlab.http_proxy_env?
Gitlab::CurrentSettings.dns_rebinding_protection_enabled?
end
def allow_settings_local_requests?
Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?
end
def uri_with_port(address, port)
uri = Addressable::URI.parse(address)
uri.port = port if port.present?
uri
end
end
end
|