Diffstat (limited to 'app/services/import/github_service.rb')
-rw-r--r--app/services/import/github_service.rb23
1 files changed, 23 insertions, 0 deletions
diff --git a/app/services/import/github_service.rb b/app/services/import/github_service.rb
index a2923b1e4f9..948dba2d206 100644
--- a/app/services/import/github_service.rb
+++ b/app/services/import/github_service.rb
@@ -6,6 +6,10 @@ module Import
attr_reader :params, :current_user
def execute(access_params, provider)
+ if blocked_url?
+ return log_and_return_error("Invalid URL: #{url}", :bad_request)
+ end
+
unless authorized?
return error(_('This namespace has already been taken! Please choose another one.'), :unprocessable_entity)
end
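Review bot: The rejection message in the added guard interpolates the raw `params[:github_hostname]` value, and unlike the `authorized?` error just below it is not passed through `_()`. `log_and_return_error` is defined outside this hunk, so how it treats the string is not visible; if it writes the message to the log verbatim, the request-controlled value should be length-limited or escaped first. The user-facing text could be `_('Invalid URL: %{url}') % { url: url }`. A spec for the case where no hostname is supplied would also help, since `url` is then `nil` and the guard relies on the blocker treating that as allowed. The body of `execute` continues beyond this hunk.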
@@ -56,6 +60,25 @@ module Import
can?(current_user, :create_projects, target_namespace)
end
+ def url
+ @url ||= params[:github_hostname]
+ end
+
+ def allow_local_requests?
+ Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?
+ end
+
+ def blocked_url?
+ Gitlab::UrlBlocker.blocked_url?(
+ url,
+ {
+ allow_localhost: allow_local_requests?,
+ allow_local_network: allow_local_requests?,
+ schemes: %w(http https)
+ }
+ )
+ end
+
private
def log_error(exception)
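Review bot: `url`, `allow_local_requests?` and `blocked_url?` are added above the `private` marker, so they become part of the service's public interface although only `execute` appears to use them; placing them below `private` keeps the surface small. The options are passed as a positional hash literal; if `Gitlab::UrlBlocker.blocked_url?` declares keyword parameters (its signature is not shown here), Ruby 3 no longer converts that hash and the call raises `ArgumentError`, so prefer `Gitlab::UrlBlocker.blocked_url?(url, allow_localhost: allow_local_requests?, allow_local_network: allow_local_requests?, schemes: %w(http https))`. The check validates the hostname once at the start of `execute`; whether the later client connection re-resolves the name or follows redirects is outside this hunk, so confirm the HTTP client applies the same restrictions when it connects.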