kotovalexarian-likes-gitlab
/
gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
76,573 Commits 1 Branch 0 Tags 899 MiB
Commit Graph

10 Commits

Author SHA1 Message Date
Francisco Javier López 1418afc2d6 Avoid checking the user format in every url validation 2018-06-11 13:29:37 +00:00
Francisco Javier López 840f80d48b Add validation to webhook and service URLs to ensure they are not blocked because of SSRF 2018-06-01 11:43:53 +00:00
Douwe Maan b290d929bc
Rename allow_private_networks to allow_local_network 2018-04-02 17:24:19 +02:00
Douwe Maan b95918dda8
Make error messages even more descriptive 2018-04-02 17:20:18 +02:00
Douwe Maan 2e3bc6a941
Raise more descriptive errors when URLs are blocked 2018-04-02 17:20:01 +02:00
Douwe Maan 95ced3bb5f Merge branch 'fj-15329-services-callbacks-ssrf' into 'security-10-6' 
Server Side Request Forgery in Services and Web Hooks

See merge request gitlab/gitlabhq!2337
 2018-03-21 14:39:21 +00:00
Douwe Maan 89bd78352e Merge branch 'ssrf-protections-round-2' into 'security-10-1' 
Replace SSRF resolver with Addrinfo.getaddrinfo to include alternative localhost versions

See merge request gitlab/gitlabhq!2219

(cherry picked from commit 4a1e73783d5480aa514db7b53e10c075f95580b5)

1bffa0c3 Replace SSRF resolver with Addrinfo.getaddrinfo to include alternative localhost versions
 2017-11-08 20:11:08 -08:00
James Edwards-Jones b296921681 Merge branch 'rs-alphanumeric-ssh-params' into 'security-9-4' 
Ensure user and hostnames begin with an alnum character in UrlBlocker

See merge request !2138
 2017-08-10 20:47:28 +01:00
Rubén Dávila 83a0c39808 Merge branch 'ssrf' into 'security' 
nil check for url_blocker?

See merge request !2076
 2017-03-20 18:53:45 -07:00
Douwe Maan 65aafb9917 Merge branch 'ssrf' into 'security' 
Protect server against SSRF in project import URLs

See merge request !2068
 2017-03-20 18:53:04 -07:00