summaryrefslogtreecommitdiff
path: root/lib/gitlab/url_blockers/url_allowlist.rb
diff options
context:
space:
mode:
Diffstat (limited to 'lib/gitlab/url_blockers/url_allowlist.rb')
-rw-r--r--lib/gitlab/url_blockers/url_allowlist.rb44
1 files changed, 44 insertions, 0 deletions
diff --git a/lib/gitlab/url_blockers/url_allowlist.rb b/lib/gitlab/url_blockers/url_allowlist.rb
new file mode 100644
index 00000000000..60238bea75a
--- /dev/null
+++ b/lib/gitlab/url_blockers/url_allowlist.rb
@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module UrlBlockers
+ class UrlAllowlist
+ class << self
+ def ip_allowed?(ip_string, port: nil)
+ return false if ip_string.blank?
+
+ ip_allowlist, _ = outbound_local_requests_allowlist_arrays
+ ip_obj = Gitlab::Utils.string_to_ip_object(ip_string)
+
+ ip_allowlist.any? do |ip_allowlist_entry|
+ ip_allowlist_entry.match?(ip_obj, port)
+ end
+ end
+
+ def domain_allowed?(domain_string, port: nil)
+ return false if domain_string.blank?
+
+ _, domain_allowlist = outbound_local_requests_allowlist_arrays
+
+ domain_allowlist.any? do |domain_allowlist_entry|
+ domain_allowlist_entry.match?(domain_string, port)
+ end
+ end
+
+ private
+
+ # We cannot use Gitlab::CurrentSettings as ApplicationSetting itself
+ # calls this class. This ends up in a cycle where
+ # Gitlab::CurrentSettings creates an ApplicationSetting which then
+ # calls this method.
+ #
+ # See https://gitlab.com/gitlab-org/gitlab/issues/9833
+ def outbound_local_requests_allowlist_arrays
+ return [[], []] unless ApplicationSetting.current
+
+ ApplicationSetting.current.outbound_local_requests_allowlist_arrays
+ end
+ end
+ end
+ end
+end
View Lorry Controller Status