Commit Graph

19 Commits

Author SHA1 Message Date
Reuben Pereira f40b5860d7 Add table and model for error tracking settings 2019-01-07 17:55:21 +00:00
James Edwards-Jones 72c0059407 Allow URLs to be validated as ascii_only
Restricts unicode characters and IDNA deviations
which could be used in a phishing attack
2018-12-06 15:18:18 +00:00
Steve Azzopardi a9f5b22394
Merge branch 'security-11-5-fix-webhook-ssrf-ipv6' into 'security-11-5'
[11.5] Fix SSRF in project integrations

See merge request gitlab/gitlabhq!2611
2018-11-28 19:14:36 -05:00
Cindy Pallares c0e5d9afee
Merge branch 'security-fj-crlf-injection' into 'master'
[master] Fix CRLF issue in UrlValidator

See merge request gitlab/gitlabhq!2627
2018-11-28 19:14:06 -05:00
Cindy Pallares 4bc6f2e3ac
Merge branch 'security-stored-xss-for-environments' into 'master'
[master] Stored XSS for Environments

Closes #2727

See merge request gitlab/gitlabhq!2594
2018-11-28 19:07:29 -05:00
Thiago Presa cc571e18d3 Merge branch 'sh-block-other-localhost' into 'master'
Block additional localhost addresses in UrlBlocker

See merge request gitlab/gitlabhq!2487
2018-10-25 01:05:44 +00:00
gfyoung c858f70d07 Enable frozen string for lib/gitlab/*.rb 2018-10-22 07:00:50 +00:00
Stan Hu b1d04cf9d5 Block loopback addresses in UrlBlocker
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/51128
2018-09-05 22:04:23 -07:00
Stan Hu b3f7558750 Block link-local addresses in URLBlocker
Closes https://gitlab.com/gitlab-com/migration/issues/766
2018-08-12 22:34:34 -07:00
Francisco Javier López 1418afc2d6 Avoid checking the user format in every url validation 2018-06-11 13:29:37 +00:00
Francisco Javier López 840f80d48b Add validation to webhook and service URLs to ensure they are not blocked because of SSRF 2018-06-01 11:43:53 +00:00
Douwe Maan b290d929bc Rename allow_private_networks to allow_local_network 2018-04-02 17:24:19 +02:00
Douwe Maan b95918dda8 Make error messages even more descriptive 2018-04-02 17:20:18 +02:00
Douwe Maan 2e3bc6a941 Raise more descriptive errors when URLs are blocked 2018-04-02 17:20:01 +02:00
Douwe Maan 95ced3bb5f Merge branch 'fj-15329-services-callbacks-ssrf' into 'security-10-6'
Server Side Request Forgery in Services and Web Hooks

See merge request gitlab/gitlabhq!2337
2018-03-21 14:39:21 +00:00
Douwe Maan 89bd78352e Merge branch 'ssrf-protections-round-2' into 'security-10-1'
Replace SSRF resolver with Addrinfo.getaddrinfo to include alternative localhost versions

See merge request gitlab/gitlabhq!2219

(cherry picked from commit 4a1e73783d5480aa514db7b53e10c075f95580b5)

1bffa0c3 Replace SSRF resolver with Addrinfo.getaddrinfo to include alternative localhost versions
2017-11-08 20:11:08 -08:00
James Edwards-Jones b296921681 Merge branch 'rs-alphanumeric-ssh-params' into 'security-9-4'
Ensure user and hostnames begin with an alnum character in UrlBlocker

See merge request !2138
2017-08-10 20:47:28 +01:00
Rubén Dávila 83a0c39808 Merge branch 'ssrf' into 'security'
nil check for url_blocker?

See merge request !2076
2017-03-20 18:53:45 -07:00
Douwe Maan 65aafb9917 Merge branch 'ssrf' into 'security'
Protect server against SSRF in project import URLs

See merge request !2068
2017-03-20 18:53:04 -07:00