Add option to disallow WebHook to private addresses (#2397)

2025-11-07 05:55:51 +01:00 · 2019-12-29 16:13:24 +09:00
parent 04bc92001f
commit 5257c83563
23 changed files with 246 additions and 94 deletions
--- a/src/test/scala/gitbucket/core/service/ServiceSpecBase.scala
+++ b/src/test/scala/gitbucket/core/service/ServiceSpecBase.scala
@@ -51,7 +51,11 @@ trait ServiceSpecBase extends MockitoSugar {
      oidcAuthentication = false,
      oidc = None,
      skinName = "skin-blue",
-      showMailAddress = false
+      showMailAddress = false,
+      webHook = SystemSettingsService.WebHook(
+        blockPrivateAddress = false,
+        whitelist = Nil
+      )
    )

  def withTestDB[A](action: (Session) => A): A = {
@@ -137,7 +141,8 @@ trait ServiceSpecBase extends MockitoSugar {
      commitIdFrom = baesBranch,
      commitIdTo = requestBranch,
      isDraft = false,
-      loginAccount = loginAccount.get
+      loginAccount = loginAccount.get,
+      settings = createSystemSettings()
    )
    dummyService.getPullRequest(baseUserName, baseRepositoryName, issueId).get
  }
--- a/src/test/scala/gitbucket/core/util/HttpClientUtilSpec.scala
+++ b/src/test/scala/gitbucket/core/util/HttpClientUtilSpec.scala
@@ -0,0 +1,14 @@
+package gitbucket.core.util
+
+import org.scalatest.FunSuite
+
+class HttpClientUtilSpec extends FunSuite {
+
+  test("isPrivateAddress") {
+    assert(HttpClientUtil.isPrivateAddress("localhost") == true)
+    assert(HttpClientUtil.isPrivateAddress("192.168.10.2") == true)
+    assert(HttpClientUtil.isPrivateAddress("169.254.169.254") == true)
+    assert(HttpClientUtil.isPrivateAddress("www.google.com") == false)
+  }
+
+}
--- a/src/test/scala/gitbucket/core/view/AvatarImageProviderSpec.scala
+++ b/src/test/scala/gitbucket/core/view/AvatarImageProviderSpec.scala
@@ -2,12 +2,12 @@ package gitbucket.core.view

 import java.text.SimpleDateFormat
 import java.util.Date
-import javax.servlet.http.{HttpServletRequest, HttpSession}

+import javax.servlet.http.{HttpServletRequest, HttpSession}
 import gitbucket.core.controller.Context
 import gitbucket.core.model.Account
 import gitbucket.core.service.RequestCache
-import gitbucket.core.service.SystemSettingsService.{Ssh, SystemSettings}
+import gitbucket.core.service.SystemSettingsService.{Ssh, SystemSettings, WebHook}
 import org.mockito.Mockito._
 import org.scalatest.FunSpec
 import org.scalatestplus.mockito.MockitoSugar
@@ -137,7 +137,11 @@ class AvatarImageProviderSpec extends FunSpec with MockitoSugar {
      oidcAuthentication = false,
      oidc = None,
      skinName = "skin-blue",
-      showMailAddress = false
+      showMailAddress = false,
+      webHook = WebHook(
+        blockPrivateAddress = false,
+        whitelist = Nil
+      )
    )

  /**