gitlab-org--gitlab-foss/app/validators/importable_url_validator.rb

# ImportableUrlValidator
#
# This validator blocks projects from using dangerous import_urls to help
# protect against Server-side Request Forgery (SSRF).
class ImportableUrlValidator < ActiveModel::EachValidator
  def validate_each(record, attribute, value)
    if Gitlab::UrlBlocker.blocked_url?(value)
      record.errors.add(attribute, "imports are not allowed from that URL")
    end
  end
end
Merge branch 'ssrf' into 'security' Protect server against SSRF in project import URLs See merge request !2068 2017-03-15 16:09:08 -04:00			`# ImportableUrlValidator`
			`#`
			`# This validator blocks projects from using dangerous import_urls to help`
			`# protect against Server-side Request Forgery (SSRF).`
			`class ImportableUrlValidator < ActiveModel::EachValidator`
			`def validate_each(record, attribute, value)`
			`if Gitlab::UrlBlocker.blocked_url?(value)`
			`record.errors.add(attribute, "imports are not allowed from that URL")`
			`end`
			`end`
			`end`