Raise more descriptive errors when URLs are blocked

author: Douwe Maan <douwe@selenight.nl> 2018-03-28 19:27:16 +0200
committer: Douwe Maan <douwe@selenight.nl> 2018-04-02 17:20:01 +0200
commit: 2e3bc6a9415688d769134ee669fd457d63f497f8 (patch)
tree: 2f92ef930bbf16b90e01920cc22d78003e39f7cf /app/validators
parent: 6b5ec93ad9e3a55ae0cba4fb677c2a6cff04cd70 (diff)
download: gitlab-ce-2e3bc6a9415688d769134ee669fd457d63f497f8.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/app/validators/importable_url_validator.rb b/app/validators/importable_url_validator.rb
index 3ec1594e202..cafb43e69a2 100644
--- a/app/validators/importable_url_validator.rb
+++ b/app/validators/importable_url_validator.rb
@@ -4,8 +4,10 @@
 # protect against Server-side Request Forgery (SSRF).
 class ImportableUrlValidator < ActiveModel::EachValidator
   def validate_each(record, attribute, value)
-    if Gitlab::UrlBlocker.blocked_url?(value, valid_ports: Project::VALID_IMPORT_PORTS)
-      record.errors.add(attribute, "imports are not allowed from that URL")
+    begin
+      Gitlab::UrlBlocker.validate!(value, valid_ports: Project::VALID_IMPORT_PORTS)
+    rescue Gitlab::UrlBlocker::BlockedUrlError => e
+      record.errors.add(attribute, "is blocked: #{e.message}")
     end
   end
 end
author	Douwe Maan <douwe@selenight.nl>	2018-03-28 19:27:16 +0200
committer	Douwe Maan <douwe@selenight.nl>	2018-04-02 17:20:01 +0200
commit	2e3bc6a9415688d769134ee669fd457d63f497f8 (patch)
tree	2f92ef930bbf16b90e01920cc22d78003e39f7cf /app/validators
parent	6b5ec93ad9e3a55ae0cba4fb677c2a6cff04cd70 (diff)
download	gitlab-ce-2e3bc6a9415688d769134ee669fd457d63f497f8.tar.gz