Commit graph

17 commits

Author SHA1 Message Date
GitLab Bot
c8e28a0bb8 Add latest changes from gitlab-org/gitlab@master 2020-01-27 09:08:32 +00:00
GitLab Bot
c2b98d3dbd Add latest changes from gitlab-org/gitlab@master 2019-12-17 15:08:15 +00:00
George Koltsov
e5e1c907c0 Add outbound requests setting for system hooks
This MR adds new application setting to network section
`allow_local_requests_from_system_hooks`. Prior to this change
system hooks were allowed to do local network requests by default
and we are adding an ability for admins to control it.
2019-08-02 15:39:18 +01:00
Mayra Cabrera
0ab89d8e36 Add a rubocop for Rails.logger
Suggests to use a JSON structured log instead

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/54102
2019-07-10 19:26:47 +00:00
Heinrich Lee Yu
880792a04e Catch RedirectionTooDeep Exception in webhooks 2018-10-19 05:55:06 +00:00
Heinrich Lee Yu
a61da80208 Use monotonic time in computing web hook execution time 2018-10-18 17:23:24 +08:00
gfyoung
ddca49e4b5 Enable frozen string in apps/uploaders/*.rb
Partially addresses #47424.
2018-07-16 06:41:59 -07:00
Jan Beckmann
1345968ea6 Resolve "WebHookService doesn't handle user info with nil passwords" 2018-06-25 14:44:29 +00:00
Douwe Maan
5d003f3d1d
Ensure web hook 'blocked URL' errors are stored in as web hook logs and properly surfaced to the user 2018-05-04 14:48:01 +02:00
Douwe Maan
95ced3bb5f Merge branch 'fj-15329-services-callbacks-ssrf' into 'security-10-6'
Server Side Request Forgery in Services and Web Hooks

See merge request gitlab/gitlabhq!2337
2018-03-21 14:39:21 +00:00
Robert Speicher
791ca43f3f Merge branch '41293-fix-command-injection-vulnerability-on-system_hook_push-queue-through-web-hook' into 'security-10-3'
Don't allow line breaks on HTTP headers

See merge request gitlab/gitlabhq!2277

(cherry picked from commit 7fc0a6fc096768a5604d6dd24d7d952e53300c82)

073b8f9c Don't allow line breaks on HTTP headers
2018-01-16 17:04:51 -08:00
Douwe Maan
1e6ca3c41e Consistently schedule Sidekiq jobs 2017-12-05 11:59:39 +01:00
Rémy Coutable
9e20157528
Fix a wrong X-Gitlab-Event header when testing webhooks
Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-09-07 17:40:32 +02:00
Alexander Randa
0135d57b01 Fix encoding error for WebHook logging 2017-08-01 20:19:59 +03:00
Alex Lossent
a94e91a45b Log web hook execution timeout events
If a web hook HTTP request is sent but no response comes
within a certain time (10s by default), the hook execution fails
and will be retried. This commit makes such timeouts visible
in the web hook log, like connection timeouts already are.

Also log "no route to host" errors.
2017-07-27 15:02:25 +02:00
Alexander Randa
e0ab5618a0 Wrong data type when testing webhooks 2017-07-20 15:12:06 +00:00
Alexander Randa
330789c23c Implement web hooks logging
* implemented logging of project and system web hooks
* implemented UI for user area (project hooks)
* implemented UI for admin area (system hooks)
* implemented retry of logged webhook
* NOT imeplemented log remover
2017-05-25 10:07:52 +03:00