Commit 401be1d1 authored by Stan Hu's avatar Stan Hu

Only allow strings in URL::Sanitizer.valid?

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/55079
parent 7cb0dd98
---
title: Only allow strings in URL::Sanitizer.valid?
merge_request: 23675
author:
type: fixed
...@@ -14,6 +14,7 @@ module Gitlab ...@@ -14,6 +14,7 @@ module Gitlab
def self.valid?(url) def self.valid?(url)
return false unless url.present? return false unless url.present?
return false unless url.is_a?(String)
uri = Addressable::URI.parse(url.strip) uri = Addressable::URI.parse(url.strip)
......
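Review bot: The new `return false unless url.is_a?(String)` guard in `valid?` sits after `url.present?`, so the type check is not the first thing the method does with caller-supplied input. Folding the two into `return false unless url.is_a?(String) && url.present?` would state the precondition for the later `url.strip` call in one place. A one-line comment such as `# Non-String input (e.g. an Array) cannot be parsed as a URL and must not reach strip` would record why the guard exists. The body of `valid?` continues outside the hunk, so it cannot be judged from here whether other entry points of the class that accept a URL need the same guard.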
...@@ -41,6 +41,7 @@ describe Gitlab::UrlSanitizer do ...@@ -41,6 +41,7 @@ describe Gitlab::UrlSanitizer do
false | '123://invalid:url' false | '123://invalid:url'
false | 'valid@project:url.git' false | 'valid@project:url.git'
false | 'valid:pass@project:url.git' false | 'valid:pass@project:url.git'
false | %w(test array)
true | 'ssh://example.com' true | 'ssh://example.com'
true | 'ssh://:@example.com' true | 'ssh://:@example.com'
true | 'ssh://foo@example.com' true | 'ssh://foo@example.com'
......
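Review bot: The added row `false | %w(test array)` pins the new type guard for a single non-String type only. One or two more rows, for example `false | 123` and `false | { 'url' => 'x' }` (constructed samples), would confirm that `valid?` rejects by type rather than only happening to reject arrays. The table continues outside the hunk, so such rows may already exist elsewhere in the spec.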