Commit graph

10 commits

Author SHA1 Message Date
Francisco Javier López
1418afc2d6 Avoid checking the user format in every url validation 2018-06-11 13:29:37 +00:00
Francisco Javier López
840f80d48b Add validation to webhook and service URLs to ensure they are not blocked because of SSRF 2018-06-01 11:43:53 +00:00
Douwe Maan
b290d929bc
Rename allow_private_networks to allow_local_network 2018-04-02 17:24:19 +02:00
Douwe Maan
b95918dda8
Make error messages even more descriptive 2018-04-02 17:20:18 +02:00
Douwe Maan
2e3bc6a941
Raise more descriptive errors when URLs are blocked 2018-04-02 17:20:01 +02:00
Douwe Maan
95ced3bb5f Merge branch 'fj-15329-services-callbacks-ssrf' into 'security-10-6'
Server Side Request Forgery in Services and Web Hooks

See merge request gitlab/gitlabhq!2337
2018-03-21 14:39:21 +00:00
Douwe Maan
89bd78352e Merge branch 'ssrf-protections-round-2' into 'security-10-1'
Replace SSRF resolver with Addrinfo.getaddrinfo to include alternative localhost versions

See merge request gitlab/gitlabhq!2219

(cherry picked from commit 4a1e73783d5480aa514db7b53e10c075f95580b5)

1bffa0c3 Replace SSRF resolver with Addrinfo.getaddrinfo to include alternative localhost versions
2017-11-08 20:11:08 -08:00
James Edwards-Jones
b296921681 Merge branch 'rs-alphanumeric-ssh-params' into 'security-9-4'
Ensure user and hostnames begin with an alnum character in UrlBlocker

See merge request !2138
2017-08-10 20:47:28 +01:00
Rubén Dávila
83a0c39808 Merge branch 'ssrf' into 'security'
nil check for url_blocker?

See merge request !2076
2017-03-20 18:53:45 -07:00
Douwe Maan
65aafb9917 Merge branch 'ssrf' into 'security'
Protect server against SSRF in project import URLs

See merge request !2068
2017-03-20 18:53:04 -07:00