Commit b290d929 authored by Douwe Maan's avatar Douwe Maan

Rename allow_private_networks to allow_local_network

parent b95918dd
...@@ -4,10 +4,8 @@ ...@@ -4,10 +4,8 @@
# protect against Server-side Request Forgery (SSRF). # protect against Server-side Request Forgery (SSRF).
class ImportableUrlValidator < ActiveModel::EachValidator class ImportableUrlValidator < ActiveModel::EachValidator
def validate_each(record, attribute, value) def validate_each(record, attribute, value)
begin Gitlab::UrlBlocker.validate!(value, valid_ports: Project::VALID_IMPORT_PORTS)
Gitlab::UrlBlocker.validate!(value, valid_ports: Project::VALID_IMPORT_PORTS) rescue Gitlab::UrlBlocker::BlockedUrlError => e
rescue Gitlab::UrlBlocker::BlockedUrlError => e record.errors.add(attribute, "is blocked: #{e.message}")
record.errors.add(attribute, "is blocked: #{e.message}")
end
end end
end end
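Review bot: The `Gitlab::UrlBlocker.validate!` call in `validate_each` passes only `valid_ports:`, so it inherits the `allow_local_network: true` default shown in the `validate!` signature further down this commit. The local-network check is therefore skipped for import URLs, even though the class comment says the validator protects against SSRF. If accepting local-network targets is intended here, a short comment above the call should say so; if not, pass the option explicitly: `Gitlab::UrlBlocker.validate!(value, allow_local_network: false, valid_ports: Project::VALID_IMPORT_PORTS)`. Either way, an explicit keyword at this call site lets a reader judge the SSRF posture without looking up the blocker's defaults.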
...@@ -12,7 +12,7 @@ module Gitlab ...@@ -12,7 +12,7 @@ module Gitlab
def connection def connection
unless allow_local_requests? unless allow_local_requests?
begin begin
Gitlab::UrlBlocker.validate!(uri, allow_private_networks: false) Gitlab::UrlBlocker.validate!(uri, allow_local_network: false)
rescue Gitlab::UrlBlocker::BlockedUrlError => e rescue Gitlab::UrlBlocker::BlockedUrlError => e
raise Gitlab::HTTP::BlockedUrlError, "URL '#{uri}' is blocked: #{e.message}" raise Gitlab::HTTP::BlockedUrlError, "URL '#{uri}' is blocked: #{e.message}"
end end
......
...@@ -5,7 +5,7 @@ module Gitlab ...@@ -5,7 +5,7 @@ module Gitlab
BlockedUrlError = Class.new(StandardError) BlockedUrlError = Class.new(StandardError)
class << self class << self
def validate!(url, allow_localhost: false, allow_private_networks: true, valid_ports: []) def validate!(url, allow_localhost: false, allow_local_network: true, valid_ports: [])
return true if url.nil? return true if url.nil?
begin begin
...@@ -29,7 +29,7 @@ module Gitlab ...@@ -29,7 +29,7 @@ module Gitlab
end end
validate_localhost!(addrs_info) unless allow_localhost validate_localhost!(addrs_info) unless allow_localhost
validate_local_network!(addrs_info) unless allow_private_networks validate_local_network!(addrs_info) unless allow_local_network
true true
end end
......
...@@ -74,13 +74,13 @@ describe Gitlab::UrlBlocker do ...@@ -74,13 +74,13 @@ describe Gitlab::UrlBlocker do
expect(described_class.blocked_url?('https://gitlab.com/foo/foo.git')).to be false expect(described_class.blocked_url?('https://gitlab.com/foo/foo.git')).to be false
end end
context 'when allow_private_networks is' do context 'when allow_local_network is' do
let(:private_networks) { ['192.168.1.2', '10.0.0.2', '172.16.0.2'] } let(:local_ips) { ['192.168.1.2', '10.0.0.2', '172.16.0.2'] }
let(:fake_domain) { 'www.fakedomain.fake' } let(:fake_domain) { 'www.fakedomain.fake' }
context 'true (default)' do context 'true (default)' do
it 'does not block urls from private networks' do it 'does not block urls from private networks' do
private_networks.each do |ip| local_ips.each do |ip|
stub_domain_resolv(fake_domain, ip) stub_domain_resolv(fake_domain, ip)
expect(described_class).not_to be_blocked_url("http://#{fake_domain}") expect(described_class).not_to be_blocked_url("http://#{fake_domain}")
...@@ -94,14 +94,14 @@ describe Gitlab::UrlBlocker do ...@@ -94,14 +94,14 @@ describe Gitlab::UrlBlocker do
context 'false' do context 'false' do
it 'blocks urls from private networks' do it 'blocks urls from private networks' do
private_networks.each do |ip| local_ips.each do |ip|
stub_domain_resolv(fake_domain, ip) stub_domain_resolv(fake_domain, ip)
expect(described_class).to be_blocked_url("http://#{fake_domain}", allow_private_networks: false) expect(described_class).to be_blocked_url("http://#{fake_domain}", allow_local_network: false)
unstub_domain_resolv unstub_domain_resolv
expect(described_class).to be_blocked_url("http://#{ip}", allow_private_networks: false) expect(described_class).to be_blocked_url("http://#{ip}", allow_local_network: false)
end end
end end
end end
......
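Review bot: The two example descriptions still read `'does not block urls from private networks'` and `'blocks urls from private networks'`, although the context, the `let` and the keyword were all renamed to the local-network wording. Rename them to match, e.g. `it 'blocks urls from the local network' do`. The `local_ips` list holds only three RFC 1918 IPv4 addresses, and the body of `validate_local_network!` is not shown here. If it is meant to reject more than those ranges, the spec does not demonstrate it, so a representative address for each additional range would pin the behaviour. The enclosing `describe` block starts and ends outside the hunks.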