Merge branch 'open-redirect-fix-continue-to' into 'security'
Fix for open redirect vulnerability involving continue[to] params. See merge request !2083
This commit is contained in:
parent
b80653bb6a
commit
d687f6436a
|
@ -7,6 +7,7 @@ module ContinueParams
|
|||
|
||||
continue_params = continue_params.permit(:to, :notice, :notice_now)
|
||||
return unless continue_params[:to] && continue_params[:to].start_with?('/')
|
||||
return if continue_params[:to].start_with?('//')
|
||||
|
||||
continue_params
|
||||
end
|
||||
|
|
|
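Review bot: The added `return if continue_params[:to].start_with?('//')` is a single-prefix deny-list on top of the existing `start_with?('/')` guard, and Rails and browsers do not normalise URLs identically, so a positive check that the target parses as a bare path is the sturdier shape for an open-redirect guard. Parsing with `URI.parse` and requiring `uri.scheme.nil? && uri.host.nil?` keeps the current `//` rejection (the parser assigns a host there) while also rejecting anything that is not a valid relative URI, and the `rescue URI::InvalidURIError` turns a malformed value into the same "drop the redirect" outcome rather than a 500. `URI` is stdlib, so no new dependency is needed. The enclosing `continue_params` method begins before this hunk, and the sanitised value is returned from the method on the last visible line, so callers are unaffected by the stricter check.

```ruby
continue_params = continue_params.permit(:to, :notice, :notice_now)
to = continue_params[:to]
return unless to&.start_with?('/') && !to.start_with?('//')

# Only a scheme-less, host-less path may be used as a redirect target.
target = begin
  URI.parse(to)
rescue URI::InvalidURIError
  nil
end
return unless target && target.scheme.nil? && target.host.nil?

continue_params
```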
@ -0,0 +1,4 @@
|
|||
---
|
||||
title: Fix for open redirect vulnerability using continue[to] in URL when requesting project import status.
|
||||
merge_request:
|
||||
author:
|
|
@ -96,12 +96,19 @@ describe Projects::ImportsController do
|
|||
}
|
||||
end
|
||||
|
||||
it 'redirects to params[:to]' do
|
||||
it 'redirects to internal params[:to]' do
|
||||
get :show, namespace_id: project.namespace.to_param, project_id: project, continue: params
|
||||
|
||||
expect(flash[:notice]).to eq params[:notice]
|
||||
expect(response).to redirect_to params[:to]
|
||||
end
|
||||
|
||||
it 'does not redirect to external params[:to]' do
|
||||
params[:to] = "//google.com"
|
||||
|
||||
get :show, namespace_id: project.namespace.to_param, project_id: project, continue: params
|
||||
expect(response).not_to redirect_to params[:to]
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
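Review bot: The new example 'does not redirect to external params[:to]' only asserts `expect(response).not_to redirect_to params[:to]`, which also passes if the request errors or renders nothing useful, so it should pin the intended fallback as well — e.g. `expect(response).to have_http_status(:ok)` if the page renders, or `redirect_to` the default location, whichever the controller does when the redirect is dropped (that fallback is not visible in this hunk, so confirm against the controller). It would also be worth a sibling example for an absolute URL with a scheme, since the existing `start_with?('/')` guard is meant to reject that shape and it currently has no coverage. Minor style point: `"//google.com"` has no interpolation, so `'//google.com'` matches the surrounding single-quoted strings.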