gitlab-org--gitlab-foss/lib/gitlab/http_connection_adapter.rb

# frozen_string_literal: true

# This class is part of the Gitlab::HTTP wrapper. Depending on the value
# of the global setting allow_local_requests_from_web_hooks_and_services this adapter
# will allow/block connection to internal IPs and/or urls.
#
# This functionality can be overridden by providing the setting the option
# allow_local_requests = true in the request. For example:
# Gitlab::HTTP.get('http://www.gitlab.com', allow_local_requests: true)
#
# This option will take precedence over the global setting.
module Gitlab
  class HTTPConnectionAdapter < HTTParty::ConnectionAdapter
    extend ::Gitlab::Utils::Override

    override :connection
    def connection
      @uri, hostname = validate_url!(uri)

      if options.key?(:http_proxyaddr)
        proxy_uri_with_port = uri_with_port(options[:http_proxyaddr], options[:http_proxyport])
        proxy_uri_validated = validate_url!(proxy_uri_with_port).first

        @options[:http_proxyaddr] = proxy_uri_validated.omit(:port).to_s
        @options[:http_proxyport] = proxy_uri_validated.port
      end

      super.tap do |http|
        http.hostname_override = hostname if hostname
      end
    end

    private

    def validate_url!(url)
      Gitlab::UrlBlocker.validate!(url, allow_local_network: allow_local_requests?,
                                        allow_localhost: allow_local_requests?,
                                        dns_rebind_protection: dns_rebind_protection?)
    rescue Gitlab::UrlBlocker::BlockedUrlError => e
      raise Gitlab::HTTP::BlockedUrlError, "URL '#{url}' is blocked: #{e.message}"
    end

    def allow_local_requests?
      options.fetch(:allow_local_requests, allow_settings_local_requests?)
    end

    def dns_rebind_protection?
      return false if Gitlab.http_proxy_env?

      Gitlab::CurrentSettings.dns_rebinding_protection_enabled?
    end

    def allow_settings_local_requests?
      Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?
    end

    def uri_with_port(address, port)
      uri = Addressable::URI.parse(address)
      uri.port = port if port.present?
      uri
    end
  end
end