Explicitly reject non http(s) schemes

Rather than relying on NoMethodError deep inside faraday
author: Thong Kuah <tkuah@gitlab.com> 2019-07-24 22:39:40 +1200
committer: Douglas Barbosa Alexandre <dbalexandre@gmail.com> 2019-07-29 19:20:30 -0300
commit: d6a7408fd319749b9cd47690f03720d1a5c088ca (patch)
tree: 97fc6230a007aadf679b686a9fe9d8fedbd59897 /lib
parent: 46ef495488d46932b18353739342d503288e0eea (diff)
download: gitlab-ce-d6a7408fd319749b9cd47690f03720d1a5c088ca.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/container_registry/client.rb b/lib/container_registry/client.rb
index c3a19af7a94..82810ea4076 100644
--- a/lib/container_registry/client.rb
+++ b/lib/container_registry/client.rb
@@ -82,7 +82,10 @@ module ContainerRegistry
     def redirect_response(location)
       return unless location
 
-      faraday_redirect.get(location)
+      uri = URI(@base_uri).merge(location)
+      raise ArgumentError, "Invalid scheme for #{location}" unless %w[http https].include?(uri.scheme)
+
+      faraday_redirect.get(uri)
     end
 
     def faraday
author	Thong Kuah <tkuah@gitlab.com>	2019-07-24 22:39:40 +1200
committer	Douglas Barbosa Alexandre <dbalexandre@gmail.com>	2019-07-29 19:20:30 -0300
commit	d6a7408fd319749b9cd47690f03720d1a5c088ca (patch)
tree	97fc6230a007aadf679b686a9fe9d8fedbd59897 /lib
parent	46ef495488d46932b18353739342d503288e0eea (diff)
download	gitlab-ce-d6a7408fd319749b9cd47690f03720d1a5c088ca.tar.gz