authorrpereira2 <rpereira@gitlab.com>2019-07-20 00:47:14 +0530
committerrpereira2 <rpereira@gitlab.com>2019-07-24 13:24:11 +0530
commit2949cef813674555cf9f0cf919e3717876fb0e63 (patch)
treed5056035ab9062f5f301e69c84acd798b8b72161
parentd66ff3c424570116c6861c1881dcde3bced4bca6 (diff)
Add validations for entries in whitelist44496-outbound_requests_whitelist
- Add validation that all entries are ascii only. - Add validation that no entry contains HTML tags.
-rw-r--r--app/models/application_setting.rb6
-rw-r--r--spec/models/application_setting_spec.rb6
2 files changed, 7 insertions, 5 deletions
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index e8e3f650beb..a769a8f07fd 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -44,11 +44,7 @@ class ApplicationSetting < ApplicationRecord
validates :outbound_local_requests_whitelist,
length: { maximum: 1_000, message: N_('is too long (maximum is 1000 entries)') }
- validates_each :outbound_local_requests_whitelist do |record, attr, value|
- next unless value&.any? { |entry| entry.size > 255 }
-
- record.errors.add(attr, _('entries cannot be larger than 255 characters'))
- end
+ validates :outbound_local_requests_whitelist, qualified_domain_array: true, allow_blank: true
validates :session_expire_delay,
presence: true,
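Review bot: The added `validates :outbound_local_requests_whitelist, qualified_domain_array: true, allow_blank: true` line moves the 255-character limit and the new ASCII/HTML checks into a validator that this commit does not show, so nothing at the call site says what an entry must satisfy. The spec in the same commit still accepts `['1' * 255]` and an IP such as `192.168.1.1`, which suggests the validator checks length and character set rather than hostname syntax, despite its name. Because this list appears to exempt destinations from the block on outbound local requests, a short comment above the line would help the next reader, e.g. `# Each entry: <= 255 chars, ASCII only (IDNs as punycode), no HTML tags; host/IP syntax is not checked here`. The class body and the following `validates :session_expire_delay` call continue outside the hunk.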
diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb
index e792c6e1594..bd87bbd8d68 100644
--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -41,6 +41,12 @@ describe ApplicationSetting do
it { is_expected.not_to allow_value(['192.168.1.1'] * 1_001).for(:outbound_local_requests_whitelist) }
it { is_expected.to allow_value(['1' * 255]).for(:outbound_local_requests_whitelist) }
it { is_expected.not_to allow_value(['1' * 256]).for(:outbound_local_requests_whitelist) }
+ it { is_expected.not_to allow_value(['ğitlab.com']).for(:outbound_local_requests_whitelist) }
+ it { is_expected.to allow_value(['xn--itlab-j1a.com']).for(:outbound_local_requests_whitelist) }
+ it { is_expected.not_to allow_value(['<h1></h1>']).for(:outbound_local_requests_whitelist) }
+ it { is_expected.to allow_value(['gitlab.com']).for(:outbound_local_requests_whitelist) }
+ it { is_expected.to allow_value(nil).for(:outbound_local_requests_whitelist) }
+ it { is_expected.to allow_value([]).for(:outbound_local_requests_whitelist) }
context "when user accepted let's encrypt terms of service" do
before do
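Review bot: Every rejection case added here is a single-element array, so these examples would still pass if the validator only inspected the first entry. A mixed case such as `it { is_expected.not_to allow_value(['gitlab.com', '<h1></h1>']).for(:outbound_local_requests_whitelist) }` would pin that each entry is checked. An array holding an empty string (`['']`) is also not covered, and `allow_blank: true` would not skip it because the array itself is non-empty. The surrounding `describe` block and the `context` that follows start and end outside the hunk.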