Add validation to webhook and service URLs to ensure they are not blocked because of SSRF

author: Francisco Javier López <fjlopez@gitlab.com> 2018-06-01 11:43:53 +0000
committer: Douwe Maan <douwe@gitlab.com> 2018-06-01 11:43:53 +0000
commit: 840f80d48b7d8363f171f6137cd9f1fbafb52bfc (patch)
tree: 612c6f9b846f9f2f3b44931db12557024c49ef66 /app/services
parent: e206e32881e4fbfcbe647d7b2ee713c99ef1bf99 (diff)
download: gitlab-ce-840f80d48b7d8363f171f6137cd9f1fbafb52bfc.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/app/services/projects/import_service.rb b/app/services/projects/import_service.rb
index bdd9598f85a..00080717600 100644
--- a/app/services/projects/import_service.rb
+++ b/app/services/projects/import_service.rb
@@ -29,7 +29,7 @@ module Projects
     def add_repository_to_project
       if project.external_import? && !unknown_url?
         begin
-          Gitlab::UrlBlocker.validate!(project.import_url, valid_ports: Project::VALID_IMPORT_PORTS)
+          Gitlab::UrlBlocker.validate!(project.import_url, ports: Project::VALID_IMPORT_PORTS)
         rescue Gitlab::UrlBlocker::BlockedUrlError => e
           raise Error, "Blocked import URL: #{e.message}"
         end
author	Francisco Javier López <fjlopez@gitlab.com>	2018-06-01 11:43:53 +0000
committer	Douwe Maan <douwe@gitlab.com>	2018-06-01 11:43:53 +0000
commit	840f80d48b7d8363f171f6137cd9f1fbafb52bfc (patch)
tree	612c6f9b846f9f2f3b44931db12557024c49ef66 /app/services
parent	e206e32881e4fbfcbe647d7b2ee713c99ef1bf99 (diff)
download	gitlab-ce-840f80d48b7d8363f171f6137cd9f1fbafb52bfc.tar.gz