Commit graph

8 commits

Author SHA1 Message Date
Douwe Maan
95ced3bb5f Merge branch 'fj-15329-services-callbacks-ssrf' into 'security-10-6'
Server Side Request Forgery in Services and Web Hooks

See merge request gitlab/gitlabhq!2337
2018-03-21 14:39:21 +00:00
Robert Speicher
791ca43f3f Merge branch '41293-fix-command-injection-vulnerability-on-system_hook_push-queue-through-web-hook' into 'security-10-3'
Don't allow line breaks on HTTP headers

See merge request gitlab/gitlabhq!2277

(cherry picked from commit 7fc0a6fc096768a5604d6dd24d7d952e53300c82)

073b8f9c Don't allow line breaks on HTTP headers
2018-01-16 17:04:51 -08:00
Douwe Maan
1e6ca3c41e Consistently schedule Sidekiq jobs 2017-12-05 11:59:39 +01:00
Rémy Coutable
9e20157528
Fix a wrong X-Gitlab-Event header when testing webhooks
Signed-off-by: Rémy Coutable <remy@rymai.me>
2017-09-07 17:40:32 +02:00
Alexander Randa
0135d57b01 Fix encoding error for WebHook logging 2017-08-01 20:19:59 +03:00
Alex Lossent
a94e91a45b Log web hook execution timeout events
If a web hook HTTP request is sent but no response comes
within a certain time (10s by default), the hook execution fails
and will be retried. This commit makes such timeouts visible
in the web hook log, like connection timeouts already are.

Also log "no route to host" errors.
2017-07-27 15:02:25 +02:00
Alexander Randa
e0ab5618a0 Wrong data type when testing webhooks 2017-07-20 15:12:06 +00:00
Alexander Randa
330789c23c Implement web hooks logging
* implemented logging of project and system web hooks
* implemented UI for user area (project hooks)
* implemented UI for admin area (system hooks)
* implemented retry of logged webhook
* NOT imeplemented log remover
2017-05-25 10:07:52 +03:00