author | Regis <boudinot.regis@yahoo.com> | 2017-03-21 09:08:28 -0600 |
---|---|---|
committer | Regis <boudinot.regis@yahoo.com> | 2017-03-21 09:08:28 -0600 |
commit | 0b75b821c6cfd173291fcfd88c41da9922d082dd (patch) | |
tree | 41b578d299bd77423aa3591955a4cb5ca07ab025 /app/validators/importable_url_validator.rb | |
parent | 6342da7bb6cbba1b1e026fc62a1da42b811b25f4 (diff) | |
parent | a08c707c928092426e2334423e71c6b841309ddf (diff) | |
update to current master and fix conflicts (issue-title-vue)
Diffstat (limited to 'app/validators/importable_url_validator.rb')
-rw-r--r-- | app/validators/importable_url_validator.rb | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/app/validators/importable_url_validator.rb b/app/validators/importable_url_validator.rb
new file mode 100644
index 00000000000..37a314adee6
--- /dev/null
+++ b/app/validators/importable_url_validator.rb
@@ -0,0 +1,11 @@
+# ImportableUrlValidator
+#
+# This validator blocks projects from using dangerous import_urls to help
+# protect against Server-side Request Forgery (SSRF).
+class ImportableUrlValidator < ActiveModel::EachValidator
+ def validate_each(record, attribute, value)
+ if Gitlab::UrlBlocker.blocked_url?(value)
+ record.errors.add(attribute, "imports are not allowed from that URL")
+ end
+ end
+end |
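Review bot: The check in `validate_each` inspects only the URL string at the moment the record is validated, so on its own it cannot guarantee where the import later connects; a host name that resolves differently at fetch time, or a redirect returned by an allowed host, would not pass through this validator. `Gitlab::UrlBlocker` and the import code are outside this diff, so this may already be enforced there, but the header comment should state the limit, for example `# Validation-time check only; the importer must apply Gitlab::UrlBlocker again to the address it actually connects to.` The same comment should also say that the blocking rules live in `Gitlab::UrlBlocker`, since "dangerous" is otherwise undefined in this file. Whether `blocked_url?` accepts a nil or blank `value` is not visible here and is worth confirming, because the validator passes `value` through unchecked.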