diff options
author | Rubén Dávila <ruben@gitlab.com> | 2017-03-18 17:56:05 +0000 |
---|---|---|
committer | Ruben Davila <rdavila84@gmail.com> | 2017-03-18 13:55:10 -0500 |
commit | 78d47070ca515fd36cdcf89fe7518e44a71387ac (patch) | |
tree | 52023ac8e8012b992b0237f654b8133d75ac0518 | |
parent | a70346fc6530aa28a98e4aa4cf0f40e2c3bcef6b (diff) | |
download | gitlab-ce-78d47070ca515fd36cdcf89fe7518e44a71387ac.tar.gz |
Merge branch 'ssrf' into 'security'
nil check for url_blocker?
See merge request !2076
-rw-r--r-- | lib/gitlab/url_blocker.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/gitlab/url_blocker.rb b/lib/gitlab/url_blocker.rb index bb2f4edc1a0..7e14a566696 100644 --- a/lib/gitlab/url_blocker.rb +++ b/lib/gitlab/url_blocker.rb @@ -8,6 +8,8 @@ module Gitlab VALID_PORTS = [22, 80, 443].freeze def blocked_url?(url) + return false if url.nil? + blocked_ips = ["127.0.0.1", "::1", "0.0.0.0"] blocked_ips.concat(Socket.ip_address_list.map(&:ip_address)) |