`gollum-lib` allows HTTPS based SSRF via `Gollum::Filter::RemoteCode`
Summary
SSRF is possible via Wiki pages due to a gollum-lib feature.
Details
As documented in lib/gollum-lib/filter/remote_code.rb:
# Remote code - fetch code from url and replace the contents to a
# code-block that gets run the next parse.
# Acceptable formats:
# ```language:local-file.ext```
# ```language:/abs/other-file.ext```
# ```language:https://example.com/somefile.txt```
There's a RemoteCode filter that pulls content from arbitrary HTTPS URLs. No further validation of the URL takes place to protect against SSRF issues.
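The filter's weakness is that any syntactically valid `https://` URL is fetched. As an added, defender-side example (not gollum-lib's own code, and the module, method and allowlist names are hypothetical), the validator below shows the kind of check a remote-code fetcher should apply before making the request: require HTTPS on the default port, refuse credentials in the URL and IP-literal hosts, and only accept hosts on an explicit allowlist. A second helper checks a resolved address against loopback, link-local and RFC 1918 ranges, for use once the fetcher has done its own DNS lookup.

```ruby
require "uri"
require "ipaddr"

# Hypothetical hardening for a RemoteCode-style filter. This is an added
# example, not code from gollum-lib; names and the allowlist are assumptions.
module RemoteCodePolicy
  # Assumed allowlist: hosts the wiki is permitted to fetch code from.
  DEFAULT_ALLOWED_HOSTS = %w[raw.githubusercontent.com gist.githubusercontent.com].freeze

  # Address ranges that must never be fetched, even if an allowlisted name
  # resolves to them (loopback, link-local/metadata, RFC 1918, ULA, ...).
  BLOCKED_RANGES = %w[
    0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
    172.16.0.0/12 192.168.0.0/16 ::1/128 fc00::/7 fe80::/10
  ].map { |cidr| IPAddr.new(cidr) }.freeze

  # Returns [true, nil] when the URL is acceptable, [false, reason] otherwise.
  # The check is purely syntactic; see blocked_address? for the resolved side.
  def self.check(url, allowed_hosts: DEFAULT_ALLOWED_HOSTS)
    uri = URI.parse(url.to_s.strip)
    return [false, "scheme must be https"] unless uri.is_a?(URI::HTTPS)
    return [false, "missing host"] if uri.hostname.nil? || uri.hostname.empty?
    return [false, "credentials in URL are not allowed"] if uri.userinfo
    return [false, "non-default port"] unless uri.port == 443

    host = uri.hostname.downcase # hostname strips the [] around IPv6 literals
    return [false, "IP literal hosts are not allowed"] if ip_literal?(host)
    return [false, "host #{host} is not in the allowlist"] unless allowed_hosts.include?(host)

    [true, nil]
  rescue URI::InvalidURIError => e
    [false, "unparseable URL: #{e.message}"]
  end

  # Convenience boolean wrapper around check.
  def self.allowed?(url, **opts)
    check(url, **opts).first
  end

  # True when the host part is a bare IPv4/IPv6 address rather than a name.
  def self.ip_literal?(host)
    IPAddr.new(host)
    true
  rescue IPAddr::InvalidAddressError
    false
  end

  # Apply after DNS resolution (and again after any redirect) so that an
  # allowlisted name cannot be pointed at internal infrastructure.
  def self.blocked_address?(addr)
    ip = IPAddr.new(addr.to_s)
    BLOCKED_RANGES.any? { |range| range.include?(ip) }
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs, including the URL from the reproduction steps.
  ["https://raw.githubusercontent.com/org/repo/main/file.rb",
   "https://gitlab.com/", "http://raw.githubusercontent.com/x",
   "https://127.0.0.1/", "https://[::1]/"].each do |u|
    ok, reason = RemoteCodePolicy.check(u)
    puts "#{ok ? 'ALLOW ' : 'REJECT'} #{u} #{reason}"
  end
end
```

The allowlist check is deliberately strict rather than a denylist of private ranges, because a name-based check alone cannot see where a name resolves; a fetcher using it should resolve the host itself, pass the resulting address through `blocked_address?`, and either refuse redirects or re-run both checks on every hop.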
Steps to reproduce
Create a Wiki page with the following content:
```html:https://gitlab.com/```
and make sure to pick RDoc from the dropdown.