diff options
author | Rubén Dávila <ruben@gitlab.com> | 2017-03-18 17:56:05 +0000 |
---|---|---|
committer | Ruben Davila <rdavila84@gmail.com> | 2017-03-18 13:38:56 -0500 |
commit | 9ad1d34017b46fedf9038f5b962cd452cf686a1d (patch) | |
tree | 58f246f02381735cfc709c8ef9c1daa447158079 | |
parent | 43f5a2739dbf8f5c4c16a79f98e2630888f6b5d1 (diff) | |
download | gitlab-ce-9ad1d34017b46fedf9038f5b962cd452cf686a1d.tar.gz |
Merge branch 'ssrf' into 'security'
nil check for url_blocker?
See merge request !2076
-rw-r--r-- | lib/gitlab/url_blocker.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/gitlab/url_blocker.rb b/lib/gitlab/url_blocker.rb index bb2f4edc1a0..7e14a566696 100644 --- a/lib/gitlab/url_blocker.rb +++ b/lib/gitlab/url_blocker.rb @@ -8,6 +8,8 @@ module Gitlab VALID_PORTS = [22, 80, 443].freeze def blocked_url?(url) + return false if url.nil? + blocked_ips = ["127.0.0.1", "::1", "0.0.0.0"] blocked_ips.concat(Socket.ip_address_list.map(&:ip_address)) |