diff --git a/app/controllers/import/bulk_imports_controller.rb b/app/controllers/import/bulk_imports_controller.rb
index 4d3d7b5e74b1d48a6144d909c5b60181404723b9..c324fc52213183ecd1a76cd54d0938648e167b55 100644
--- a/app/controllers/import/bulk_imports_controller.rb
+++ b/app/controllers/import/bulk_imports_controller.rb
@@ -153,7 +153,8 @@ def verify_blocked_uri
allow_localhost: allow_local_requests?,
allow_local_network: allow_local_requests?,
schemes: %w[http https],
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist # rubocop:disable Naming/InclusiveLanguage -- existing setting
)
rescue Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError => e
clear_session_data
diff --git a/app/controllers/import/fogbugz_controller.rb b/app/controllers/import/fogbugz_controller.rb
index c24b41f0643d707b6dd3dbe22208596035dc496c..fa08f50ea33e1d6d5b478dcd9637b39be2cdd54c 100644
--- a/app/controllers/import/fogbugz_controller.rb
+++ b/app/controllers/import/fogbugz_controller.rb
@@ -130,7 +130,8 @@ def verify_blocked_uri
allow_localhost: allow_local_requests?,
allow_local_network: allow_local_requests?,
deny_all_requests_except_allowed: deny_all_requests_except_allowed?,
- schemes: %w[http https]
+ schemes: %w[http https],
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist # rubocop:disable Naming/InclusiveLanguage -- existing setting
)
rescue Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError => e
redirect_to new_import_fogbugz_url, alert: _('Specified URL cannot be used: "%{reason}"') % { reason: e.message }
diff --git a/app/controllers/import/gitea_controller.rb b/app/controllers/import/gitea_controller.rb
index b5840f9644dbedbc6db6ce64f54aaa8b7b7ac19c..ec03efc996370d3ea9fd48694026ae376e648f86 100644
--- a/app/controllers/import/gitea_controller.rb
+++ b/app/controllers/import/gitea_controller.rb
@@ -97,7 +97,8 @@ def verify_blocked_uri
allow_localhost: allow_local_requests?,
allow_local_network: allow_local_requests?,
schemes: %w[http https],
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist # rubocop:disable Naming/InclusiveLanguage -- existing setting
)
rescue Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError => e
session[access_token_key] = nil
diff --git a/app/models/abuse_report.rb b/app/models/abuse_report.rb
index e19a75a68e868f3185d742fbebd86a1e601110cf..b2f0152f0358da437e6d413b94fad313c6e7b1f0 100644
--- a/app/models/abuse_report.rb
+++ b/app/models/abuse_report.rb
@@ -210,8 +210,8 @@ def links_to_spam_contains_valid_urls
schemes: %w[http https],
allow_localhost: true,
dns_rebind_protection: true,
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?
- )
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist) # rubocop:disable Naming/InclusiveLanguage -- existing setting
next unless link.length > MAX_CHAR_LIMIT_URL
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index c16637594a0a5db110608add693533ce14f8b162..be5ba251c65cb96b0ac403301069c7a24403ad7a 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -910,7 +910,8 @@ def parsed_kroki_url
@parsed_kroki_url ||= Gitlab::HTTP_V2::UrlBlocker.validate!(
kroki_url, schemes: %w[http https],
enforce_sanitization: true,
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?)[0]
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist)[0] # rubocop:disable Naming/InclusiveLanguage -- existing setting
rescue Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError => e
self.errors.add(
:kroki_url,
diff --git a/app/models/integrations/mattermost_slash_commands.rb b/app/models/integrations/mattermost_slash_commands.rb
index eaf492e776843d1212cc3e224dcaf61dcea28a51..b8cf4fc73084c36034e950bee0db63d64d4d13d4 100644
--- a/app/models/integrations/mattermost_slash_commands.rb
+++ b/app/models/integrations/mattermost_slash_commands.rb
@@ -50,7 +50,8 @@ def redirect_url(team, channel, url)
url,
schemes: %w[http https],
enforce_sanitization: true,
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?)
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist) # rubocop:disable Naming/InclusiveLanguage -- existing setting
origin = Addressable::URI.parse(url).origin
format(MATTERMOST_URL, ORIGIN: origin, TEAM: team, CHANNEL: channel)
diff --git a/app/models/service_desk/custom_email_credential.rb b/app/models/service_desk/custom_email_credential.rb
index 6955f178bead08eeb36f36cc80d09e14f91a8c11..f3c201f58d1f1efdce26ba272f280a2da3d30cf8 100644
--- a/app/models/service_desk/custom_email_credential.rb
+++ b/app/models/service_desk/custom_email_credential.rb
@@ -67,8 +67,8 @@ def validate_smtp_address
enforce_sanitization: true,
allow_localhost: false,
allow_local_network: !::Gitlab.com?, # rubocop:disable Gitlab/AvoidGitlabInstanceChecks -- self-managed may also use local network
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?
- )
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist) # rubocop:disable Naming/InclusiveLanguage -- existing setting
rescue Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError => e
errors.add(:smtp_address, e)
end
diff --git a/app/models/ssh_host_key.rb b/app/models/ssh_host_key.rb
index f0855fc9f1c8e22c817a1855faf00242879fc7a9..337ffb6f07d56d70ecc7610feb83397c8e82b79e 100644
--- a/app/models/ssh_host_key.rb
+++ b/app/models/ssh_host_key.rb
@@ -143,8 +143,8 @@ def normalize_url(url)
allow_localhost: allow_local_requests?,
allow_local_network: allow_local_requests?,
dns_rebind_protection: Gitlab::CurrentSettings.dns_rebinding_protection_enabled?,
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?
- )
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist) # rubocop:disable Naming/InclusiveLanguage -- existing setting
# When DNS rebinding protection is required, the hostname is replaced by the
# resolved IP. However, `url` is used in `id`, so we can't change it. Track
diff --git a/app/services/bulk_imports/file_download_service.rb b/app/services/bulk_imports/file_download_service.rb
index 39c27c04b8c273accfd8af197a937c9731824808..fda00f4d2fc42dc230ee34fd5f2d4ada2c69c91a 100644
--- a/app/services/bulk_imports/file_download_service.rb
+++ b/app/services/bulk_imports/file_download_service.rb
@@ -134,8 +134,8 @@ def validate_url
allow_localhost: allow_local_requests?,
allow_local_network: allow_local_requests?,
schemes: %w[http https],
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?
- )
+ deny_all_requests_except_allowed: ::Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: ::Gitlab::CurrentSettings.outbound_local_requests_whitelist) # rubocop:disable Naming/InclusiveLanguage -- existing setting
end
def default_file_size_limit
diff --git a/app/services/import/bitbucket_server_service.rb b/app/services/import/bitbucket_server_service.rb
index d8f39d7b9631c30e36d8d77e3f25878f77f76bf4..1fd39c99def41b8f38f582a84cb4f2db4217f9a3 100644
--- a/app/services/import/bitbucket_server_service.rb
+++ b/app/services/import/bitbucket_server_service.rb
@@ -89,7 +89,8 @@ def blocked_url?
allow_localhost: allow_local_requests?,
allow_local_network: allow_local_requests?,
schemes: %w[http https],
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist # rubocop:disable Naming/InclusiveLanguage -- existing setting
)
end
diff --git a/app/services/import/fogbugz_service.rb b/app/services/import/fogbugz_service.rb
index 52d9cb77c0a7dcd69f0cb75a5c3015987eeb6f74..fac2bb8a18d20453f23b44fe41199461e05a17d9 100644
--- a/app/services/import/fogbugz_service.rb
+++ b/app/services/import/fogbugz_service.rb
@@ -89,7 +89,8 @@ def blocked_url?(url)
allow_localhost: allow_local_requests?,
allow_local_network: allow_local_requests?,
schemes: %w[http https],
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist # rubocop:disable Naming/InclusiveLanguage -- existing setting
)
end
diff --git a/app/services/import/github_service.rb b/app/services/import/github_service.rb
index b8389192b1892ebfe45b1a0616c99b99052eb7e3..7771af18cf57411e86e7013327ba88fd8ded0844 100644
--- a/app/services/import/github_service.rb
+++ b/app/services/import/github_service.rb
@@ -92,7 +92,8 @@ def blocked_url?
allow_localhost: allow_local_requests?,
allow_local_network: allow_local_requests?,
schemes: %w[http https],
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist # rubocop:disable Naming/InclusiveLanguage -- existing setting
)
end
diff --git a/app/services/projects/update_remote_mirror_service.rb b/app/services/projects/update_remote_mirror_service.rb
index 6053e834f681639fc4839a9da0c1bc65323f6bbb..67c21bc4c67c9298d23d52ea7bec0d9689562f40 100644
--- a/app/services/projects/update_remote_mirror_service.rb
+++ b/app/services/projects/update_remote_mirror_service.rb
@@ -13,7 +13,8 @@ def execute(remote_mirror, tries)
if Gitlab::HTTP_V2::UrlBlocker.blocked_url?(
normalized_url(remote_mirror.url),
schemes: Project::VALID_MIRROR_PROTOCOLS,
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist # rubocop:disable Naming/InclusiveLanguage -- existing setting
)
hard_retry_or_fail(remote_mirror, _('The remote mirror URL is invalid.'), tries)
return error(remote_mirror.last_error)
diff --git a/app/workers/integrations/irker_worker.rb b/app/workers/integrations/irker_worker.rb
index 341b9437bab4a7e7e0d8bf738e6836921d1dcd04..b6f5e9db2273fdec12dfe1c6a5962e0a5ee30088 100644
--- a/app/workers/integrations/irker_worker.rb
+++ b/app/workers/integrations/irker_worker.rb
@@ -57,7 +57,8 @@ def start_connection(irker_server, irker_port)
allow_localhost: allow_local_requests?,
allow_local_network: allow_local_requests?,
schemes: ['irc'],
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?)
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist) # rubocop:disable Naming/InclusiveLanguage -- existing setting
@socket = TCPSocket.new ip_address, irker_port
rescue Errno::ECONNREFUSED, Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError => e
logger.fatal "Can't connect to Irker daemon: #{e}"
diff --git a/config/initializers/rest-client-hostname_override.rb b/config/initializers/rest-client-hostname_override.rb
index 6a8c7285de5fb8f5b69c02fd6426b1916b9425dd..02409c4c386d4a84df18c2dcecf51a5a37493042 100644
--- a/config/initializers/rest-client-hostname_override.rb
+++ b/config/initializers/rest-client-hostname_override.rb
@@ -13,7 +13,8 @@ def transmit(uri, req, payload, &block)
allow_localhost: allow_settings_local_requests?,
dns_rebind_protection: dns_rebind_protection?,
deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
- schemes: %w[http https])
+ schemes: %w[http https],
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist) # rubocop:disable Naming/InclusiveLanguage -- existing setting
self.hostname_override = hostname_override
rescue Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError => e
diff --git a/ee/app/services/projects/update_mirror_service.rb b/ee/app/services/projects/update_mirror_service.rb
index 2fae01bf99690865aa864ff0cd6fdd71072b1231..8a0a447edc322f69aadfb8962ee24fbe795fbe32 100644
--- a/ee/app/services/projects/update_mirror_service.rb
+++ b/ee/app/services/projects/update_mirror_service.rb
@@ -12,7 +12,8 @@ def execute
Gitlab::HTTP_V2::UrlBlocker.blocked_url?(
normalized_url(project.import_url),
schemes: Project::VALID_MIRROR_PROTOCOLS,
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?)
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist) # rubocop:disable Naming/InclusiveLanguage -- existing setting
return error("The import URL is invalid.")
end
diff --git a/lib/bulk_imports/common/pipelines/wiki_pipeline.rb b/lib/bulk_imports/common/pipelines/wiki_pipeline.rb
index 429a28dcb4c8eddf70793094a8f81e8ef2e4d9b2..f9d65f9185ca51e635e9044f209f91e0468bf984 100644
--- a/lib/bulk_imports/common/pipelines/wiki_pipeline.rb
+++ b/lib/bulk_imports/common/pipelines/wiki_pipeline.rb
@@ -27,7 +27,9 @@ def load(context, data)
schemes: %w[http https],
allow_local_network: allow_local_requests?,
allow_localhost: allow_local_requests?,
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?)
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist # rubocop:disable Naming/InclusiveLanguage -- existing setting
+ )
wiki.create_wiki_repository
wiki.repository.fetch_as_mirror(url)
diff --git a/lib/bulk_imports/projects/pipelines/repository_pipeline.rb b/lib/bulk_imports/projects/pipelines/repository_pipeline.rb
index 04c887441f48b7d68ab2b141630bdc7bd481860a..0e3c28a5ea67c4f2ee83fe7d109b9a54b425402c 100644
--- a/lib/bulk_imports/projects/pipelines/repository_pipeline.rb
+++ b/lib/bulk_imports/projects/pipelines/repository_pipeline.rb
@@ -26,7 +26,9 @@ def load(context, data)
schemes: %w[http https],
allow_local_network: allow_local_requests?,
allow_localhost: allow_local_requests?,
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?)
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist # rubocop:disable Naming/InclusiveLanguage -- existing setting
+ )
project.ensure_repository
project.repository.fetch_as_mirror(url)
diff --git a/lib/bulk_imports/projects/pipelines/snippets_repository_pipeline.rb b/lib/bulk_imports/projects/pipelines/snippets_repository_pipeline.rb
index a371c33d9ea66c0198ecfeff1ab1d7f1013079a0..8703cf00a118ce979ed1a7deee9a4898ed8fe6ae 100644
--- a/lib/bulk_imports/projects/pipelines/snippets_repository_pipeline.rb
+++ b/lib/bulk_imports/projects/pipelines/snippets_repository_pipeline.rb
@@ -58,7 +58,8 @@ def validate_url(url)
allow_local_network: allow_local_requests?,
allow_localhost: allow_local_requests?,
deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
- schemes: %w[http https]
+ schemes: %w[http https],
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist # rubocop:disable Naming/InclusiveLanguage -- existing setting
)
end
diff --git a/lib/gitlab/error_tracking/error_repository/open_api_strategy.rb b/lib/gitlab/error_tracking/error_repository/open_api_strategy.rb
index 9b9b0f65633b739ab3a5c2cf193f2e13e9bd4ecd..da46341b596094b21c7c8af0bb5dda93e7322821 100644
--- a/lib/gitlab/error_tracking/error_repository/open_api_strategy.rb
+++ b/lib/gitlab/error_tracking/error_repository/open_api_strategy.rb
@@ -236,7 +236,9 @@ def configured_api_url
url,
schemes: %w[http https],
allow_localhost: true,
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?)
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist # rubocop:disable Naming/InclusiveLanguage -- existing setting
+ )
URI(url)
end
diff --git a/lib/gitlab/github_gists_import/importer/gist_importer.rb b/lib/gitlab/github_gists_import/importer/gist_importer.rb
index c2456f83711105b6fdac1fcb1ef69a930a83a51f..e26c1c3729ee752d941b48523ba7918872ddbeb0 100644
--- a/lib/gitlab/github_gists_import/importer/gist_importer.rb
+++ b/lib/gitlab/github_gists_import/importer/gist_importer.rb
@@ -64,7 +64,9 @@ def get_resolved_address
ports: Project::VALID_IMPORT_PORTS,
allow_localhost: allow_local_requests?,
allow_local_network: allow_local_requests?,
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?)
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist # rubocop:disable Naming/InclusiveLanguage -- existing setting
+ )
host.present? ? validated_pull_url.host.to_s : ''
end
diff --git a/lib/gitlab/http.rb b/lib/gitlab/http.rb
index 593ea4f721e1d96bc3cc7c5d3ee22348cb5fc707..8fa5dd1e05689f10be1243a01910229603d92e67 100644
--- a/lib/gitlab/http.rb
+++ b/lib/gitlab/http.rb
@@ -69,7 +69,7 @@ def http_v2_options(options)
allow_local_requests: Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?,
deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
dns_rebinding_protection_enabled: Gitlab::CurrentSettings.dns_rebinding_protection_enabled?,
- outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist, # rubocop:disable Naming/InclusiveLanguage
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist, # rubocop:disable Naming/InclusiveLanguage -- existing setting
silent_mode_enabled: Gitlab::SilentMode.enabled?
}.merge(options)
end
diff --git a/lib/gitlab/kubernetes/kube_client.rb b/lib/gitlab/kubernetes/kube_client.rb
index 593090902e796e2f73283b676105088953567a44..35b054936e748239184b20249d330038a6c14493 100644
--- a/lib/gitlab/kubernetes/kube_client.rb
+++ b/lib/gitlab/kubernetes/kube_client.rb
@@ -165,7 +165,9 @@ def validate_url!
api_prefix,
allow_local_network: false,
schemes: %w[http https],
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?)
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist # rubocop:disable Naming/InclusiveLanguage -- existing setting
+ )
end
def service_account_exists?(resource)
diff --git a/lib/gitlab/octokit/middleware.rb b/lib/gitlab/octokit/middleware.rb
index a93526da5ca20e7347f77695bb4e5665047c911c..685a417566b36a7db8414dad4936845df1f77317 100644
--- a/lib/gitlab/octokit/middleware.rb
+++ b/lib/gitlab/octokit/middleware.rb
@@ -13,7 +13,8 @@ def call(env)
allow_localhost: allow_local_requests?,
allow_local_network: allow_local_requests?,
dns_rebind_protection: dns_rebind_protection?,
- deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?
+ deny_all_requests_except_allowed: Gitlab::CurrentSettings.deny_all_requests_except_allowed?,
+ outbound_local_requests_allowlist: Gitlab::CurrentSettings.outbound_local_requests_whitelist # rubocop:disable Naming/InclusiveLanguage -- existing setting
)
@app.call(env)
diff --git a/spec/lib/gitlab/github_gists_import/importer/gist_importer_spec.rb b/spec/lib/gitlab/github_gists_import/importer/gist_importer_spec.rb
index b64348d447baf608e2be4bee1a7f3c58858345ac..b92bf12168835d25b8b0090eac96c63a67f7d923 100644
--- a/spec/lib/gitlab/github_gists_import/importer/gist_importer_spec.rb
+++ b/spec/lib/gitlab/github_gists_import/importer/gist_importer_spec.rb
@@ -169,6 +169,8 @@
.to receive(:allow_local_requests_from_web_hooks_and_services?).and_return(true)
allow(::Gitlab::CurrentSettings)
.to receive(:deny_all_requests_except_allowed?).and_return(true)
+ allow(::Gitlab::CurrentSettings)
+ .to receive(:outbound_local_requests_allowlist?).and_return([])
end
it 'raises error' do
@@ -176,7 +178,8 @@
.to receive(:validate!)
.with(url, ports: [80, 443], schemes: %w[http https git],
allow_localhost: true, allow_local_network: true,
- deny_all_requests_except_allowed: true)
+ deny_all_requests_except_allowed: true,
+ outbound_local_requests_allowlist: [])
.and_raise(Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError)
expect { subject.execute }.to raise_error(Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError)
@@ -189,6 +192,8 @@
.to receive(:allow_local_requests_from_web_hooks_and_services?).and_return(false)
allow(::Gitlab::CurrentSettings)
.to receive(:deny_all_requests_except_allowed?).and_return(true)
+ allow(::Gitlab::CurrentSettings)
+ .to receive(:outbound_local_requests_allowlist?).and_return([])
end
it 'raises error' do
@@ -196,7 +201,8 @@
.to receive(:validate!)
.with(url, ports: [80, 443], schemes: %w[http https git],
allow_localhost: false, allow_local_network: false,
- deny_all_requests_except_allowed: true)
+ deny_all_requests_except_allowed: true,
+ outbound_local_requests_allowlist: [])
.and_raise(Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError)
expect { subject.execute }.to raise_error(Gitlab::HTTP_V2::UrlBlocker::BlockedUrlError)