Diffstat (limited to 'app/services/import/github_service.rb')
-rw-r--r-- | app/services/import/github_service.rb | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/app/services/import/github_service.rb b/app/services/import/github_service.rb
index a2923b1e4f9..948dba2d206 100644
--- a/app/services/import/github_service.rb
+++ b/app/services/import/github_service.rb
@@ -6,6 +6,10 @@ module Import
 attr_reader :params, :current_user
 def execute(access_params, provider)
+ if blocked_url?
+ return log_and_return_error("Invalid URL: #{url}", :bad_request)
+ end
+
 unless authorized?
 return error(_('This namespace has already been taken! Please choose another one.'), :unprocessable_entity)
 end
@@ -56,6 +60,25 @@ module Import
 can?(current_user, :create_projects, target_namespace)
 end
+ def url
+ @url ||= params[:github_hostname]
+ end
+
+ def allow_local_requests?
+ Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?
+ end
+
+ def blocked_url?
+ Gitlab::UrlBlocker.blocked_url?(
+ url,
+ {
+ allow_localhost: allow_local_requests?,
+ allow_local_network: allow_local_requests?,
+ schemes: %w(http https)
+ }
+ )
+ end
+
 private
 def log_error(exception) |
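Review bot: The rejection message at the top of `execute` interpolates the caller-supplied `params[:github_hostname]` into the string passed to `log_and_return_error`, so an arbitrary value presumably lands in both the log entry and the API response. A fixed, translatable response such as `return log_and_return_error(_('Invalid URL'), :bad_request)`, with the hostname recorded as a separate structured log field, would keep embedded newlines or control characters out of the log line and match the `_()` usage in the `authorized?` branch just below. The guard now runs on every import, including the default path where `github_hostname` is absent and `url` is nil; whether the blocker accepts nil is not visible here, so a spec covering that case would be worth adding. The body of `execute` continues outside the hunk.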
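Review bot: `url`, `allow_local_requests?` and `blocked_url?` are inserted above the `private` keyword, so all three become part of the service's public interface; unless a caller outside the class needs them, they belong below `private`. `blocked_url?` also only returns a yes/no answer at validation time and discards whatever address was checked: if the import client (not visible in this diff) resolves the hostname again when it connects, or follows redirects, the request is no longer bound to what was validated, so the connection should be tied to the validated address or re-checked at connect time. A short comment on `allow_local_requests?`, for example `# Imports follow the same outbound-request policy as web hooks and services.`, would explain why that particular setting governs this check.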