debian-mirror-gitlab/lib/gitlab/url_blockers/url_allowlist.rb

# frozen_string_literal: true

module Gitlab
  module UrlBlockers
    class UrlAllowlist
      class << self
        def ip_allowed?(ip_string, port: nil)
          return false if ip_string.blank?

          ip_allowlist, _ = outbound_local_requests_allowlist_arrays
          ip_obj = Gitlab::Utils.string_to_ip_object(ip_string)

          ip_allowlist.any? do |ip_allowlist_entry|
            ip_allowlist_entry.match?(ip_obj, port)
          end
        end

        def domain_allowed?(domain_string, port: nil)
          return false if domain_string.blank?

          _, domain_allowlist = outbound_local_requests_allowlist_arrays

          domain_allowlist.any? do |domain_allowlist_entry|
            domain_allowlist_entry.match?(domain_string, port)
          end
        end

        private

        # We cannot use Gitlab::CurrentSettings as ApplicationSetting itself
        # calls this class. This ends up in a cycle where
        # Gitlab::CurrentSettings creates an ApplicationSetting which then
        # calls this method.
        #
        # See https://gitlab.com/gitlab-org/gitlab/issues/9833
        def outbound_local_requests_allowlist_arrays
          return [[], []] unless ApplicationSetting.current

          ApplicationSetting.current.outbound_local_requests_allowlist_arrays
        end
      end
    end
  end
end
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`# frozen_string_literal: true`

			`module Gitlab`
			`module UrlBlockers`
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`class UrlAllowlist`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`class << self`
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`def ip_allowed?(ip_string, port: nil)`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`return false if ip_string.blank?`

New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`ip_allowlist, _ = outbound_local_requests_allowlist_arrays`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`ip_obj = Gitlab::Utils.string_to_ip_object(ip_string)`

New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`ip_allowlist.any? do \|ip_allowlist_entry\|`
			`ip_allowlist_entry.match?(ip_obj, port)`
New upstream version 12.9.2 2020-04-08 14:13:33 +05:30			`end`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`end`

New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`def domain_allowed?(domain_string, port: nil)`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`return false if domain_string.blank?`

New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`_, domain_allowlist = outbound_local_requests_allowlist_arrays`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`domain_allowlist.any? do \|domain_allowlist_entry\|`
			`domain_allowlist_entry.match?(domain_string, port)`
New upstream version 12.9.2 2020-04-08 14:13:33 +05:30			`end`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`end`

			`private`

			`# We cannot use Gitlab::CurrentSettings as ApplicationSetting itself`
			`# calls this class. This ends up in a cycle where`
			`# Gitlab::CurrentSettings creates an ApplicationSetting which then`
			`# calls this method.`
			`#`
			`# See https://gitlab.com/gitlab-org/gitlab/issues/9833`
New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`def outbound_local_requests_allowlist_arrays`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`return [[], []] unless ApplicationSetting.current`

New upstream version 13.6.5 2021-01-29 00:20:46 +05:30			`ApplicationSetting.current.outbound_local_requests_allowlist_arrays`
New upstream version 12.3.8 2019-12-04 20:38:33 +05:30			`end`
			`end`
			`end`
			`end`
			`end`