Allow not resolvable urls when rebinding setting is disabled

Now, when the dns rebinging setting is disabled, we will
allow urls that are not resolvable.

1 files changed, 6 insertions, 2 deletions

diff --git a/lib/gitlab/url_blocker.rb b/lib/gitlab/url_blocker.rb
index 9c35d200dcb..fab504aa603 100644
--- a/lib/gitlab/url_blocker.rb
+++ b/lib/gitlab/url_blocker.rb
@@ -49,7 +49,7 @@ module Gitlab
         hostname = uri.hostname
         port = get_port(uri)
 
-        address_info = get_address_info(hostname, port)
+        address_info = get_address_info(hostname, port, dns_rebind_protection)
         return [uri, nil] unless address_info
 
         ip_address = ip_address(address_info)
@@ -110,11 +110,15 @@ module Gitlab
         validate_unicode_restriction(uri) if ascii_only
       end
 
-      def get_address_info(hostname, port)
+      def get_address_info(hostname, port, dns_rebind_protection)
         Addrinfo.getaddrinfo(hostname, port, nil, :STREAM).map do |addr|
           addr.ipv6_v4mapped? ? addr.ipv6_to_ipv4 : addr
         end
       rescue SocketError
+        # If the dns rebinding protection is not enabled, we allow
+        # urls that can't be resolved at this point.
+        return unless dns_rebind_protection
+
         # In the test suite we use a lot of mocked urls that are either invalid or
         # don't exist. In order to avoid modifying a ton of tests and factories
         # we allow invalid urls unless the environment variable RSPEC_ALLOW_INVALID_URLS