a9bcddee4c
Gitlab::HTTP now resolves the hostname only once, verifies the IP is not blocked, and then uses the same IP to perform the actual request, while passing the original hostname in the `Host` header and SSL SNI field.
22 lines
680 B
Ruby
22 lines
680 B
Ruby
# frozen_string_literal: true
|
|
|
|
# This class is used as a proxy for all outbounding http connection
|
|
# coming from callbacks, services and hooks. The direct use of the HTTParty
|
|
# is discouraged because it can lead to several security problems, like SSRF
|
|
# calling internal IP or services.
|
|
module Gitlab
|
|
class HTTP
|
|
BlockedUrlError = Class.new(StandardError)
|
|
RedirectionTooDeep = Class.new(StandardError)
|
|
|
|
include HTTParty # rubocop:disable Gitlab/HTTParty
|
|
|
|
connection_adapter HTTPConnectionAdapter
|
|
|
|
def self.perform_request(http_method, path, options, &block)
|
|
super
|
|
rescue HTTParty::RedirectionTooDeep
|
|
raise RedirectionTooDeep
|
|
end
|
|
end
|
|
end
|