author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-26 14:57:37 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-26 14:57:37 +0000 |
commit | 13f0d48172df4463fd4c2dbded7fdbbbfe88e0a9 (patch) | |
tree | ec69b0b3f5e070aff23f995b97512ed2657d1793 /lib/gitlab/url_sanitizer.rb | |
parent | 581d2902d00f62bb789ba56f80bbb750f989e6cf (diff) | |
download | gitlab-ce-13f0d48172df4463fd4c2dbded7fdbbbfe88e0a9.tar.gz |
Add latest changes from gitlab-org/security/gitlab@13-0-stable-ee
Diffstat (limited to 'lib/gitlab/url_sanitizer.rb')
-rw-r--r-- | lib/gitlab/url_sanitizer.rb | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/gitlab/url_sanitizer.rb b/lib/gitlab/url_sanitizer.rb
index 215454fe63c..fa40a8b678b 100644
--- a/lib/gitlab/url_sanitizer.rb
+++ b/lib/gitlab/url_sanitizer.rb
@@ -3,6 +3,7 @@
 module Gitlab
 class UrlSanitizer
 ALLOWED_SCHEMES = %w[http https ssh git].freeze
+ ALLOWED_WEB_SCHEMES = %w[http https].freeze
 def self.sanitize(content)
 regexp = URI::DEFAULT_PARSER.make_regexp(ALLOWED_SCHEMES)
@@ -12,17 +13,21 @@ module Gitlab
 content.gsub(regexp, '')
 end
- def self.valid?(url)
+ def self.valid?(url, allowed_schemes: ALLOWED_SCHEMES)
 return false unless url.present?
 return false unless url.is_a?(String)
 uri = Addressable::URI.parse(url.strip)
- ALLOWED_SCHEMES.include?(uri.scheme)
+ allowed_schemes.include?(uri.scheme)
 rescue Addressable::URI::InvalidURIError
 false
 end
+ def self.valid_web?(url)
+ valid?(url, allowed_schemes: ALLOWED_WEB_SCHEMES)
+ end
+
 def initialize(url, credentials: nil)
 %i[user password].each do |symbol|
 credentials[symbol] = credentials[symbol].presence if credentials&.key?(symbol) |
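Review bot: `valid_web?` reads as a general web-URL check, but as written it only confirms that `uri.scheme` is exactly `http` or `https`; nothing in `valid?` requires a host or looks at where the URL points. A caller that uses it as the gate before fetching or rendering a user-supplied URL would still need its own host and destination checks. I would document that above the method, e.g. `# Scheme check only (http/https): does not validate the host or the destination.` The match is also an exact string comparison, so a URL with an upper-case scheme is presumably rejected unless Addressable normalises it on parse; a spec pinning that behaviour either way would help.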