diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-09-28 22:01:32 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-09-28 22:01:37 +0000 |
commit | cbc166ca72db07da07995c60bbbf4e83ba30699d (patch) | |
tree | 6c3f398e6be23b6e3c9aa03e1fe9579f815ebbe3 /lib | |
parent | 36c8a31d573bdd2edd4c87be63eb8dde20a79761 (diff) | |
download | gitlab-ce-cbc166ca72db07da07995c60bbbf4e83ba30699d.tar.gz |
Add latest changes from gitlab-org/security/gitlab@15-4-stable-ee
Diffstat (limited to 'lib')
3 files changed, 5 insertions, 3 deletions
diff --git a/lib/bulk_imports/common/pipelines/wiki_pipeline.rb b/lib/bulk_imports/common/pipelines/wiki_pipeline.rb index 6900835b14d..0f92c1f1210 100644 --- a/lib/bulk_imports/common/pipelines/wiki_pipeline.rb +++ b/lib/bulk_imports/common/pipelines/wiki_pipeline.rb @@ -22,7 +22,7 @@ module BulkImports wiki = context.portable.wiki url = data[:url].sub("://", "://oauth2:#{context.configuration.access_token}@") - Gitlab::UrlBlocker.validate!(url, allow_local_network: allow_local_requests?, allow_localhost: allow_local_requests?) + Gitlab::UrlBlocker.validate!(url, schemes: %w[http https], allow_local_network: allow_local_requests?, allow_localhost: allow_local_requests?) wiki.ensure_repository wiki.repository.fetch_as_mirror(url) diff --git a/lib/bulk_imports/projects/pipelines/repository_pipeline.rb b/lib/bulk_imports/projects/pipelines/repository_pipeline.rb index f5ccc1dd922..a2b1f8c5176 100644 --- a/lib/bulk_imports/projects/pipelines/repository_pipeline.rb +++ b/lib/bulk_imports/projects/pipelines/repository_pipeline.rb @@ -21,7 +21,7 @@ module BulkImports url = url.sub("://", "://oauth2:#{context.configuration.access_token}@") project = context.portable - Gitlab::UrlBlocker.validate!(url, allow_local_network: allow_local_requests?, allow_localhost: allow_local_requests?) + Gitlab::UrlBlocker.validate!(url, schemes: %w[http https], allow_local_network: allow_local_requests?, allow_localhost: allow_local_requests?) project.ensure_repository project.repository.fetch_as_mirror(url) diff --git a/lib/bulk_imports/projects/pipelines/snippets_repository_pipeline.rb b/lib/bulk_imports/projects/pipelines/snippets_repository_pipeline.rb index 6d423717a51..e29601927be 100644 --- a/lib/bulk_imports/projects/pipelines/snippets_repository_pipeline.rb +++ b/lib/bulk_imports/projects/pipelines/snippets_repository_pipeline.rb @@ -55,7 +55,9 @@ module BulkImports Gitlab::UrlBlocker.validate!( url, allow_local_network: allow_local_requests?, - allow_localhost: allow_local_requests?) + allow_localhost: allow_local_requests?, + schemes: %w[http https] + ) end def cleanup_snippet_repository(snippet) |