Merge branch 'fj-15329-services-callbacks-ssrf-10-5' into 'security-10-5'

[10.5] Server Side Request Forgery in Services and Web Hooks See merge request gitlab/gitlabhq!2348
author: Douwe Maan <douwe@gitlab.com> 2018-03-13 22:38:27 +0000
committer: Mark Fletcher <mark@gitlab.com> 2018-03-16 12:57:21 +0000
commit: 254529300eeb0a11e50e0b2ebc1abecf9908f13e (patch)
tree: 1b2b7a71b41f57af1413ec2dba472fd5ecf5d0b3 /app/services/projects
parent: c7e4919eaaf385d283fdb8bbb737d898326f7304 (diff)
download: gitlab-ce-254529300eeb0a11e50e0b2ebc1abecf9908f13e.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/services/projects/import_service.rb b/app/services/projects/import_service.rb
index f2d676af5c3..a34024f4f80 100644
--- a/app/services/projects/import_service.rb
+++ b/app/services/projects/import_service.rb
@@ -28,7 +28,7 @@ module Projects
 
     def add_repository_to_project
       if project.external_import? && !unknown_url?
-        raise Error, 'Blocked import URL.' if Gitlab::UrlBlocker.blocked_url?(project.import_url)
+        raise Error, 'Blocked import URL.' if Gitlab::UrlBlocker.blocked_url?(project.import_url, valid_ports: Project::VALID_IMPORT_PORTS)
       end
 
       # We should skip the repository for a GitHub import or GitLab project import,
author	Douwe Maan <douwe@gitlab.com>	2018-03-13 22:38:27 +0000
committer	Mark Fletcher <mark@gitlab.com>	2018-03-16 12:57:21 +0000
commit	254529300eeb0a11e50e0b2ebc1abecf9908f13e (patch)
tree	1b2b7a71b41f57af1413ec2dba472fd5ecf5d0b3 /app/services/projects
parent	c7e4919eaaf385d283fdb8bbb737d898326f7304 (diff)
download	gitlab-ce-254529300eeb0a11e50e0b2ebc1abecf9908f13e.tar.gz