Prevent SSRF attacks in HipChat integration

This change monkey patches the HipChat client to use the GitLab HTTParty connection adapter, which can block access to certain hosts. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/51142
author: Stan Hu <stanhu@gmail.com> 2018-09-28 21:51:02 -0400
committer: Stan Hu <stanhu@gmail.com> 2018-10-02 23:04:37 -0400
commit: 215feb642de94485d7644a532b6a9982d964d539 (patch)
tree: c7d4834cfade13daf8ef1d1e05c12398aef482d2 /config
parent: bf37ff071fca1b61681e42522ffb6a6dcf5c0e8d (diff)
download: gitlab-ce-215feb642de94485d7644a532b6a9982d964d539.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/config/initializers/hipchat_client_patch.rb b/config/initializers/hipchat_client_patch.rb
new file mode 100644
index 00000000000..aec265312bb
--- /dev/null
+++ b/config/initializers/hipchat_client_patch.rb
@@ -0,0 +1,14 @@
+# This monkey patches the HTTParty used in https://github.com/hipchat/hipchat-rb.
+module HipChat
+  class Client
+    connection_adapter ::Gitlab::ProxyHTTPConnectionAdapter
+  end
+
+  class Room
+    connection_adapter ::Gitlab::ProxyHTTPConnectionAdapter
+  end
+
+  class User
+    connection_adapter ::Gitlab::ProxyHTTPConnectionAdapter
+  end
+end
author	Stan Hu <stanhu@gmail.com>	2018-09-28 21:51:02 -0400
committer	Stan Hu <stanhu@gmail.com>	2018-10-02 23:04:37 -0400
commit	215feb642de94485d7644a532b6a9982d964d539 (patch)
tree	c7d4834cfade13daf8ef1d1e05c12398aef482d2 /config
parent	bf37ff071fca1b61681e42522ffb6a6dcf5c0e8d (diff)
download	gitlab-ce-215feb642de94485d7644a532b6a9982d964d539.tar.gz