Merge branch 'ssrf' into 'security'

nil check for url_blocker?

See merge request !2076
This commit is contained in:
Rubén Dávila 2017-03-18 17:56:05 +00:00 committed by DJ Mountney
parent 65aafb9917
commit 83a0c39808

View file

@ -8,6 +8,8 @@ module Gitlab
VALID_PORTS = [22, 80, 443].freeze VALID_PORTS = [22, 80, 443].freeze
def blocked_url?(url) def blocked_url?(url)
return false if url.nil?
blocked_ips = ["127.0.0.1", "::1", "0.0.0.0"] blocked_ips = ["127.0.0.1", "::1", "0.0.0.0"]
blocked_ips.concat(Socket.ip_address_list.map(&:ip_address)) blocked_ips.concat(Socket.ip_address_list.map(&:ip_address))