2018-12-13 13:39:08 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2022-04-04 11:22:00 +05:30
|
|
|
# This class is part of the Gitlab::HTTP wrapper. It handles local requests and header timeouts
|
2018-03-26 14:24:53 +05:30
|
|
|
#
|
2022-04-04 11:22:00 +05:30
|
|
|
# 1. Local requests
|
|
|
|
# Depending on the value of the global setting allow_local_requests_from_web_hooks_and_services,
|
|
|
|
# this adapter will allow/block connection to internal IPs and/or urls.
|
2018-03-26 14:24:53 +05:30
|
|
|
#
|
2022-04-04 11:22:00 +05:30
|
|
|
# This functionality can be overridden by providing the setting the option
|
|
|
|
# allow_local_requests = true in the request. For example:
|
|
|
|
# Gitlab::HTTP.get('http://www.gitlab.com', allow_local_requests: true)
|
|
|
|
#
|
|
|
|
# This option will take precedence over the global setting.
|
|
|
|
#
|
|
|
|
# 2. Header timeouts
|
|
|
|
# When the use_read_total_timeout option is used, that means the receiver
|
|
|
|
# of the HTTP request cannot be trusted. Gitlab::BufferedIo will be used,
|
|
|
|
# to read header data. It is a modified version of Net::BufferedIO that
|
|
|
|
# raises a timeout error if reading header data takes too much time.
|
|
|
|
|
2018-03-26 14:24:53 +05:30
|
|
|
module Gitlab
|
2019-06-05 12:25:43 +05:30
|
|
|
class HTTPConnectionAdapter < HTTParty::ConnectionAdapter
|
2021-04-17 20:07:23 +05:30
|
|
|
extend ::Gitlab::Utils::Override
|
|
|
|
|
|
|
|
override :connection
|
2018-03-26 14:24:53 +05:30
|
|
|
def connection
|
2023-06-20 00:43:36 +05:30
|
|
|
result = validate_url_with_proxy!(uri)
|
|
|
|
@uri = result.uri
|
|
|
|
hostname = result.hostname
|
2021-04-17 20:07:23 +05:30
|
|
|
|
2022-04-04 11:22:00 +05:30
|
|
|
http = super
|
|
|
|
http.hostname_override = hostname if hostname
|
|
|
|
|
2023-06-20 00:43:36 +05:30
|
|
|
unless result.use_proxy
|
|
|
|
http.proxy_from_env = false
|
|
|
|
http.proxy_address = nil
|
|
|
|
end
|
|
|
|
|
2022-06-21 17:19:12 +05:30
|
|
|
gitlab_http = Gitlab::NetHttpAdapter.new(http.address, http.port)
|
2022-04-04 11:22:00 +05:30
|
|
|
|
2022-06-21 17:19:12 +05:30
|
|
|
http.instance_variables.each do |variable|
|
|
|
|
gitlab_http.instance_variable_set(variable, http.instance_variable_get(variable))
|
2019-06-05 12:25:43 +05:30
|
|
|
end
|
2022-04-04 11:22:00 +05:30
|
|
|
|
2022-06-21 17:19:12 +05:30
|
|
|
gitlab_http
|
2018-03-26 14:24:53 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
2023-06-20 00:43:36 +05:30
|
|
|
def validate_url_with_proxy!(url)
|
|
|
|
Gitlab::UrlBlocker.validate_url_with_proxy!(
|
|
|
|
url, allow_local_network: allow_local_requests?,
|
|
|
|
allow_localhost: allow_local_requests?,
|
|
|
|
allow_object_storage: allow_object_storage?,
|
|
|
|
dns_rebind_protection: dns_rebind_protection?,
|
|
|
|
schemes: %w[http https])
|
2021-04-17 20:07:23 +05:30
|
|
|
rescue Gitlab::UrlBlocker::BlockedUrlError => e
|
2023-03-04 22:38:38 +05:30
|
|
|
raise Gitlab::HTTP::BlockedUrlError, "URL is blocked: #{e.message}"
|
2021-04-17 20:07:23 +05:30
|
|
|
end
|
|
|
|
|
2018-03-26 14:24:53 +05:30
|
|
|
def allow_local_requests?
|
|
|
|
options.fetch(:allow_local_requests, allow_settings_local_requests?)
|
|
|
|
end
|
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
def allow_object_storage?
|
|
|
|
options.fetch(:allow_object_storage, false)
|
|
|
|
end
|
|
|
|
|
2019-06-05 12:25:43 +05:30
|
|
|
def dns_rebind_protection?
|
|
|
|
Gitlab::CurrentSettings.dns_rebinding_protection_enabled?
|
|
|
|
end
|
|
|
|
|
2018-03-26 14:24:53 +05:30
|
|
|
def allow_settings_local_requests?
|
2019-10-12 21:52:04 +05:30
|
|
|
Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?
|
2018-03-26 14:24:53 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|