gitlab-org--gitlab-foss/app/validators/system_hook_url_validator.rb

# frozen_string_literal: true

# SystemHookUrlValidator
#
# Custom validator specific to SystemHook URLs. This validator works like AddressableUrlValidator but
# it blocks urls pointing to localhost or the local network depending on
# ApplicationSetting.allow_local_requests_from_system_hooks
#
# Example:
#
#   class SystemHook < WebHook
#     validates :url, system_hook_url: { allow_localhost: true, allow_local_network: true }
#   end
#
class SystemHookUrlValidator < AddressableUrlValidator
  DEFAULT_OPTIONS = {
    allow_localhost: false,
    allow_local_network: false
  }.freeze

  def initialize(options)
    options.reverse_merge!(DEFAULT_OPTIONS)

    super(options)
  end

  def self.allow_setting_local_requests?
    ApplicationSetting.current&.allow_local_requests_from_system_hooks?
  end
end
Add outbound requests setting for system hooks This MR adds new application setting to network section `allow_local_requests_from_system_hooks`. Prior to this change system hooks were allowed to do local network requests by default and we are adding an ability for admins to control it. 2019-07-26 10:21:52 +00:00			`# frozen_string_literal: true`

			`# SystemHookUrlValidator`
			`#`
Update security/webhooks.md doc page & specs Updating security/webhooks.md to match new behaviour as well as drying up few specs to extract shared examples 2019-07-26 13:03:06 +00:00			`# Custom validator specific to SystemHook URLs. This validator works like AddressableUrlValidator but`
Add outbound requests setting for system hooks This MR adds new application setting to network section `allow_local_requests_from_system_hooks`. Prior to this change system hooks were allowed to do local network requests by default and we are adding an ability for admins to control it. 2019-07-26 10:21:52 +00:00			`# it blocks urls pointing to localhost or the local network depending on`
			`# ApplicationSetting.allow_local_requests_from_system_hooks`
			`#`
			`# Example:`
			`#`
			`# class SystemHook < WebHook`
			`# validates :url, system_hook_url: { allow_localhost: true, allow_local_network: true }`
			`# end`
			`#`
			`class SystemHookUrlValidator < AddressableUrlValidator`
			`DEFAULT_OPTIONS = {`
Update security/webhooks.md doc page & specs Updating security/webhooks.md to match new behaviour as well as drying up few specs to extract shared examples 2019-07-26 13:03:06 +00:00			`allow_localhost: false,`
			`allow_local_network: false`
Add outbound requests setting for system hooks This MR adds new application setting to network section `allow_local_requests_from_system_hooks`. Prior to this change system hooks were allowed to do local network requests by default and we are adding an ability for admins to control it. 2019-07-26 10:21:52 +00:00			`}.freeze`

			`def initialize(options)`
			`options.reverse_merge!(DEFAULT_OPTIONS)`

			`super(options)`
			`end`

			`def self.allow_setting_local_requests?`
			`ApplicationSetting.current&.allow_local_requests_from_system_hooks?`
			`end`
			`end`