debian-mirror-gitlab/lib/gitlab/url_blockers/url_allowlist.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

45 lines
1.3 KiB
Ruby
Raw Normal View History

2019-12-04 20:38:33 +05:30
# frozen_string_literal: true
module Gitlab
module UrlBlockers
2021-01-29 00:20:46 +05:30
class UrlAllowlist
2019-12-04 20:38:33 +05:30
class << self
2021-01-29 00:20:46 +05:30
def ip_allowed?(ip_string, port: nil)
2019-12-04 20:38:33 +05:30
return false if ip_string.blank?
2021-01-29 00:20:46 +05:30
ip_allowlist, _ = outbound_local_requests_allowlist_arrays
2019-12-04 20:38:33 +05:30
ip_obj = Gitlab::Utils.string_to_ip_object(ip_string)
2021-01-29 00:20:46 +05:30
ip_allowlist.any? do |ip_allowlist_entry|
ip_allowlist_entry.match?(ip_obj, port)
2020-04-08 14:13:33 +05:30
end
2019-12-04 20:38:33 +05:30
end
2021-01-29 00:20:46 +05:30
def domain_allowed?(domain_string, port: nil)
2019-12-04 20:38:33 +05:30
return false if domain_string.blank?
2021-01-29 00:20:46 +05:30
_, domain_allowlist = outbound_local_requests_allowlist_arrays
2019-12-04 20:38:33 +05:30
2021-01-29 00:20:46 +05:30
domain_allowlist.any? do |domain_allowlist_entry|
domain_allowlist_entry.match?(domain_string, port)
2020-04-08 14:13:33 +05:30
end
2019-12-04 20:38:33 +05:30
end
private
# We cannot use Gitlab::CurrentSettings as ApplicationSetting itself
# calls this class. This ends up in a cycle where
# Gitlab::CurrentSettings creates an ApplicationSetting which then
# calls this method.
#
# See https://gitlab.com/gitlab-org/gitlab/issues/9833
2021-01-29 00:20:46 +05:30
def outbound_local_requests_allowlist_arrays
2019-12-04 20:38:33 +05:30
return [[], []] unless ApplicationSetting.current
2021-01-29 00:20:46 +05:30
ApplicationSetting.current.outbound_local_requests_allowlist_arrays
2019-12-04 20:38:33 +05:30
end
end
end
end
end