From 840f80d48b7d8363f171f6137cd9f1fbafb52bfc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Francisco=20Javier=20L=C3=B3pez?=
Date: Fri, 1 Jun 2018 11:43:53 +0000
Subject: Add validation to webhook and service URLs to ensure they are not blocked because of SSRF

---
 app/validators/url_placeholder_validator.rb | 32 -----------------------------
 1 file changed, 32 deletions(-)
 delete mode 100644 app/validators/url_placeholder_validator.rb

(limited to 'app/validators/url_placeholder_validator.rb')

diff --git a/app/validators/url_placeholder_validator.rb b/app/validators/url_placeholder_validator.rb
deleted file mode 100644
index dd681218b6b..00000000000
--- a/app/validators/url_placeholder_validator.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-# UrlValidator
-#
-# Custom validator for URLs.
-#
-# By default, only URLs for the HTTP(S) protocols will be considered valid.
-# Provide a `:protocols` option to configure accepted protocols.
-#
-# Also, this validator can help you validate urls with placeholders inside.
-# Usually, if you have a url like 'http://www.example.com/%{project_path}' the
-# URI parser will reject that URL format. Provide a `:placeholder_regex` option
-# to configure accepted placeholders.
-#
-# Example:
-#
-# class User < ActiveRecord::Base
-# validates :personal_url, url: true
-#
-# validates :ftp_url, url: { protocols: %w(ftp) }
-#
-# validates :git_url, url: { protocols: %w(http https ssh git) }
-#
-# validates :placeholder_url, url: { placeholder_regex: /(project_path|project_id|default_branch)/ }
-# end
-#
-class UrlPlaceholderValidator < UrlValidator
- def validate_each(record, attribute, value)
- placeholder_regex = self.options[:placeholder_regex]
- value = value.gsub(/%{#{placeholder_regex}}/, 'foo') if placeholder_regex && value
-
- super(record, attribute, value)
- end
-end
--
cgit v1.2.1