proxy_http_connection_adapter.rb 1.13 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12
# This class is part of the Gitlab::HTTP wrapper. Depending on the value
# of the global setting allow_local_requests_from_hooks_and_services this adapter
# will allow/block connection to internal IPs and/or urls.
#
# This functionality can be overriden by providing the setting the option
# allow_local_requests = true in the request. For example:
# Gitlab::HTTP.get('http://www.gitlab.com', allow_local_requests: true)
#
# This option will take precedence over the global setting.
module Gitlab
  class ProxyHTTPConnectionAdapter < HTTParty::ConnectionAdapter
    def connection
13 14 15 16 17 18
      unless allow_local_requests?
        begin
          Gitlab::UrlBlocker.validate!(uri, allow_private_networks: false)
        rescue Gitlab::UrlBlocker::BlockedUrlError => e
          raise Gitlab::HTTP::BlockedUrlError, "URL '#{uri}' is blocked: #{e.message}"
        end
19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
      end

      super
    end

    private

    def allow_local_requests?
      options.fetch(:allow_local_requests, allow_settings_local_requests?)
    end

    def allow_settings_local_requests?
      Gitlab::CurrentSettings.allow_local_requests_from_hooks_and_services?
    end
  end
end