Check validity of prometheus_service before query

Check validity before querying so that if the dns entry for the api_url has been changed to something invalid after the model was saved and checked for validity, it will not query. This is to solve a toctou (time of check to time of use) issue.
author: Reuben Pereira <rpereira@gitlab.com> 2019-02-27 14:20:38 +0000
committer: Yorick Peterse <yorickpeterse@gmail.com> 2019-02-27 14:20:38 +0000
commit: 5f136e46f15e61a1df42a9e84cc9530190e6dee5 (patch)
tree: 5a4d84aec78f8f5bf655418aec99c07960a289a6 /changelogs
parent: d277453a2300536ba09937e97319c8e3d190cc04 (diff)
download: gitlab-ce-5f136e46f15e61a1df42a9e84cc9530190e6dee5.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-55468-check-validity-before-querying.yml b/changelogs/unreleased/security-55468-check-validity-before-querying.yml
new file mode 100644
index 00000000000..8bb11a97f52
--- /dev/null
+++ b/changelogs/unreleased/security-55468-check-validity-before-querying.yml
@@ -0,0 +1,5 @@
+---
+title: Fix blind SSRF in Prometheus integration by checking URL before querying
+merge_request:
+author:
+type: security
author	Reuben Pereira <rpereira@gitlab.com>	2019-02-27 14:20:38 +0000
committer	Yorick Peterse <yorickpeterse@gmail.com>	2019-02-27 14:20:38 +0000
commit	5f136e46f15e61a1df42a9e84cc9530190e6dee5 (patch)
tree	5a4d84aec78f8f5bf655418aec99c07960a289a6 /changelogs
parent	d277453a2300536ba09937e97319c8e3d190cc04 (diff)
download	gitlab-ce-5f136e46f15e61a1df42a9e84cc9530190e6dee5.tar.gz