2020-06-23 00:09:42 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
module Gitlab
|
|
|
|
module Metrics
|
|
|
|
module Dashboard
|
|
|
|
module Stages
|
|
|
|
class UrlValidator < BaseStage
|
|
|
|
def transform!
|
2020-07-28 23:09:34 +05:30
|
|
|
validate_dashboard_links(dashboard)
|
|
|
|
|
|
|
|
validate_chart_links(dashboard)
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
def blocker_args
|
|
|
|
{
|
|
|
|
schemes: %w(http https),
|
|
|
|
ports: [],
|
|
|
|
allow_localhost: allow_setting_local_requests?,
|
|
|
|
allow_local_network: allow_setting_local_requests?,
|
|
|
|
ascii_only: false,
|
|
|
|
enforce_user: false,
|
|
|
|
enforce_sanitization: false,
|
|
|
|
dns_rebind_protection: true
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
def allow_setting_local_requests?
|
|
|
|
Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?
|
|
|
|
end
|
|
|
|
|
|
|
|
def validate_dashboard_links(dashboard)
|
|
|
|
validate_links(dashboard[:links])
|
|
|
|
end
|
|
|
|
|
|
|
|
def validate_chart_links(dashboard)
|
|
|
|
dashboard[:panel_groups].each do |panel_group|
|
|
|
|
panel_group[:panels].each do |panel|
|
|
|
|
validate_links(panel[:links])
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def validate_links(links)
|
|
|
|
links&.each do |link|
|
|
|
|
next unless link.is_a? Hash
|
|
|
|
|
2021-01-03 14:25:43 +05:30
|
|
|
Gitlab::UrlBlocker.validate!(link[:url], **blocker_args)
|
2020-06-23 00:09:42 +05:30
|
|
|
rescue Gitlab::UrlBlocker::BlockedUrlError
|
|
|
|
link[:url] = ''
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|