Merge branch 'security-2736-prometheus-ssrf' into 'master'

[master] Do not follow redirects in prometheus service See merge request gitlab/gitlabhq!2617
author: Cindy Pallares <cindy@gitlab.com> 2018-11-28 18:38:00 +0000
committer: Cindy Pallares <cindy@gitlab.com> 2018-11-28 19:08:32 -0500
commit: 94ab2d5fc80d71df5637e6bbe1f5272daf6aa38c (patch)
tree: e044ce2a16e90cc64373601be7345b259aa19815 /app/models/project_services
parent: 4bc6f2e3ac8e6997ebc3b06867049dc38aa6d6e6 (diff)
download: gitlab-ce-94ab2d5fc80d71df5637e6bbe1f5272daf6aa38c.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/models/project_services/prometheus_service.rb b/app/models/project_services/prometheus_service.rb
index 211e5c3fcbf..60cb2d380d5 100644
--- a/app/models/project_services/prometheus_service.rb
+++ b/app/models/project_services/prometheus_service.rb
@@ -71,7 +71,7 @@ class PrometheusService < MonitoringService
   end
 
   def prometheus_client
-    RestClient::Resource.new(api_url) if api_url && manual_configuration? && active?
+    RestClient::Resource.new(api_url, max_redirects: 0) if api_url && manual_configuration? && active?
   end
 
   def prometheus_available?
author	Cindy Pallares <cindy@gitlab.com>	2018-11-28 18:38:00 +0000
committer	Cindy Pallares <cindy@gitlab.com>	2018-11-28 19:08:32 -0500
commit	94ab2d5fc80d71df5637e6bbe1f5272daf6aa38c (patch)
tree	e044ce2a16e90cc64373601be7345b259aa19815 /app/models/project_services
parent	4bc6f2e3ac8e6997ebc3b06867049dc38aa6d6e6 (diff)
download	gitlab-ce-94ab2d5fc80d71df5637e6bbe1f5272daf6aa38c.tar.gz