gitlab-org--gitlab-foss/app/models/hooks/web_hook.rb
Robert Speicher 791ca43f3f Merge branch '41293-fix-command-injection-vulnerability-on-system_hook_push-queue-through-web-hook' into 'security-10-3'
Don't allow line breaks on HTTP headers

See merge request gitlab/gitlabhq!2277

(cherry picked from commit 7fc0a6fc096768a5604d6dd24d7d952e53300c82)

073b8f9c Don't allow line breaks on HTTP headers
2018-01-16 17:04:51 -08:00


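# ActiveRecord model for a web hook: a target URL plus an optional secret
# token. Delivery itself is delegated to WebHookService.
class WebHook < ActiveRecord::Base
  include Sortable

  has_many :web_hook_logs, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent

  # `url: true` invokes a project-defined validator; which schemes or hosts it
  # accepts is not visible from this file.
  validates :url, presence: true, url: true

  # The token must never contain a line break. Per the commit that introduced
  # this rule it ends up in an HTTP header (presumably set by WebHookService,
  # confirm there), where an embedded line terminator would let the value
  # spill into additional header or request lines.
  # Both CR and LF are rejected: LF alone was the original rule, but a bare CR
  # is also accepted as a line terminator by some lenient parsers.
  # NOTE(review): validations run only on save, so rows stored before this
  # rule existed are not covered; confirm a send-time check or data cleanup.
  validates :token, format: { without: /[\r\n]/ }

  # Delivers the hook synchronously by delegating to WebHookService#execute.
  #
  # @param data [Object] payload handed to the service unchanged
  # @param hook_name [Object] hook/event identifier handed to the service unchanged
  # @return whatever WebHookService#execute returns
  def execute(data, hook_name)
    WebHookService.new(self, data, hook_name).execute
  end

  # Delegates to WebHookService#async_execute; how the work is queued is
  # decided by that service, not by this model.
  #
  # @param data [Object] payload handed to the service unchanged
  # @param hook_name [Object] hook/event identifier handed to the service unchanged
  # @return whatever WebHookService#async_execute returns
  def async_execute(data, hook_name)
    WebHookService.new(self, data, hook_name).async_execute
  end
end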