BigW Consortium Gitlab

importable_url_validator.rb 399 Bytes
Newer Older
1 2 3 4 5 6 7 8 9 10 11
# ImportableUrlValidator
#
# This validator blocks projects from using dangerous import_urls to help
# protect against Server-side Request Forgery (SSRF).
class ImportableUrlValidator < ActiveModel::EachValidator
  def validate_each(record, attribute, value)
    if Gitlab::UrlBlocker.blocked_url?(value)
      record.errors.add(attribute, "imports are not allowed from that URL")
    end
  end
end