author | rpereira2 <rpereira@gitlab.com> | 2019-07-20 00:47:14 +0530 |
---|---|---|
committer | rpereira2 <rpereira@gitlab.com> | 2019-07-24 13:24:11 +0530 |
commit | 2949cef813674555cf9f0cf919e3717876fb0e63 (patch) | |
tree | d5056035ab9062f5f301e69c84acd798b8b72161 | |
parent | d66ff3c424570116c6861c1881dcde3bced4bca6 (diff) | |
download | gitlab-ce-44496-outbound_requests_whitelist.tar.gz |
Add validations for entries in whitelist44496-outbound_requests_whitelist
- Add validation that all entries are ascii only.
- Add validation that no entry contains HTML tags.
-rw-r--r-- | app/models/application_setting.rb | 6 | ||||
-rw-r--r-- | spec/models/application_setting_spec.rb | 6 |
2 files changed, 7 insertions, 5 deletions
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index e8e3f650beb..a769a8f07fd 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -44,11 +44,7 @@ class ApplicationSetting < ApplicationRecord
 validates :outbound_local_requests_whitelist, length: { maximum: 1_000, message: N_('is too long (maximum is 1000 entries)') }
- validates_each :outbound_local_requests_whitelist do |record, attr, value|
- next unless value&.any? { |entry| entry.size > 255 }
-
- record.errors.add(attr, _('entries cannot be larger than 255 characters'))
- end
+ validates :outbound_local_requests_whitelist, qualified_domain_array: true, allow_blank: true
 validates :session_expire_delay, presence: true,
diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb
index e792c6e1594..bd87bbd8d68 100644
--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -41,6 +41,12 @@ describe ApplicationSetting do
 it { is_expected.not_to allow_value(['192.168.1.1'] * 1_001).for(:outbound_local_requests_whitelist) }
 it { is_expected.to allow_value(['1' * 255]).for(:outbound_local_requests_whitelist) }
 it { is_expected.not_to allow_value(['1' * 256]).for(:outbound_local_requests_whitelist) }
+ it { is_expected.not_to allow_value(['ğitlab.com']).for(:outbound_local_requests_whitelist) }
+ it { is_expected.to allow_value(['xn--itlab-j1a.com']).for(:outbound_local_requests_whitelist) }
+ it { is_expected.not_to allow_value(['<h1></h1>']).for(:outbound_local_requests_whitelist) }
+ it { is_expected.to allow_value(['gitlab.com']).for(:outbound_local_requests_whitelist) }
+ it { is_expected.to allow_value(nil).for(:outbound_local_requests_whitelist) }
+ it { is_expected.to allow_value([]).for(:outbound_local_requests_whitelist) }
 context "when user accepted let's encrypt terms of service" do
 before do |
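Review bot: The added `validates :outbound_local_requests_whitelist, qualified_domain_array: true, allow_blank: true` moves every per-entry rule out of the model, and the validator it names is not part of this diff, so the 255-character limit that the removed block enforced can only be inferred from the spec still rejecting `['1' * 256]`. Judging by its name, this setting decides which local destinations outbound requests may reach, so the line deserves a comment stating the contract, for example `# Each entry: at most 255 chars, ASCII only, no HTML tags (enforced by the qualified_domain_array validator)`. `allow_blank: true` skips the check only when the whole attribute is nil or empty; whether a list holding an empty or non-String entry such as `['']` is rejected depends on the validator and is worth confirming. The class body continues outside the hunk.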
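Review bot: The HTML example added here, `['<h1></h1>']`, is an entry made of nothing but a tag, so it does not show that a tag embedded in an otherwise plausible host is refused, which is what the commit message's "no entry contains HTML tags" promises. I would add `it { is_expected.not_to allow_value(['gitlab.com<h1></h1>']).for(:outbound_local_requests_whitelist) }` next to it. The accepted value `['1' * 255]` also shows that entries are not checked for hostname or IP syntax, so examples for an entry with embedded whitespace and for a list containing an empty string (`['']`) would pin down how such values are treated, whichever way the validator decides. The describe block starts and ends outside the hunk.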