Merge branch 'revert-b9470d9e' into 'master'

Revert "Merge branch 'kassio/import-validate-url-before-downloading' into 'master'" See merge request gitlab-org/gitlab!60614

Merge branch 'revert-b9470d9e' into 'master'
Revert "Merge branch 'kassio/import-validate-url-before-downloading' into 'master'" See merge request gitlab-org/gitlab!60614
445c12d4 · James Lopez · 5ff51c71 · f1a3cd3e · 445c12d4 · 445c12d4
Commit 445c12d4 authored Apr 29, 2021 by James Lopez
Showing with 0 additions and 44 deletions

lib/gitlab/import_export/command_line_util.rb lib/gitlab/import_export/command_line_util.rb +0 -15

spec/lib/gitlab/import_export/command_line_util_spec.rb spec/lib/gitlab/import_export/command_line_util_spec.rb +0 -29

No files found.
--- a/lib/gitlab/import_export/command_line_util.rb
+++ b/lib/gitlab/import_export/command_line_util.rb
@@ -30,8 +30,6 @@ module Gitlab
      end

      def download(url, upload_path)
-        validate_url!(url)
-
        File.open(upload_path, 'w') do |file|
          # Download (stream) file from the uploader's location
          IO.copy_stream(URI.parse(url).open, file)
@@ -65,19 +63,6 @@ module Gitlab
        FileUtils.copy_entry(source, destination)
        true
      end
-
-      def validate_url!(url)
-        ::Gitlab::UrlBlocker.validate!(
-          url,
-          allow_localhost: allow_local_requests?,
-          allow_local_network: allow_local_requests?,
-          schemes: %w(http https)
-        )
-      end
-
-      def allow_local_requests?
-        ::Gitlab::CurrentSettings.allow_local_requests_from_web_hooks_and_services?
-      end
    end
  end
 end
--- a/spec/lib/gitlab/import_export/command_line_util_spec.rb
+++ b/spec/lib/gitlab/import_export/command_line_util_spec.rb
@@ -16,10 +16,6 @@ RSpec.describe Gitlab::ImportExport::CommandLineUtil do
      def initialize
        @shared = Gitlab::ImportExport::Shared.new(nil)
      end
-
-      def execute_download(url)
-        download(url, 'path')
-      end
    end.new
  end

@@ -39,29 +35,4 @@ RSpec.describe Gitlab::ImportExport::CommandLineUtil do
  it 'has the right mask for uploads' do
    expect(file_permissions("#{path}/uploads")).to eq(0755) # originally 555
  end
-
-  context 'validates the URL before executing the download' do
-    before do
-      stub_application_setting(allow_local_requests_from_web_hooks_and_services: false)
-    end
-
-    it 'raises error when the given URL is blocked' do
-      expect { subject.execute_download('http://localhost:3000/file') }
-        .to raise_error(Gitlab::UrlBlocker::BlockedUrlError, 'Requests to localhost are not allowed')
-    end
-
-    it 'executes the download when the URL is allowed' do
-      expect_next_instance_of(URI::HTTP) do |uri|
-        expect(uri)
-          .to receive(:open)
-          .and_return('file content')
-      end
-
-      expect(IO)
-        .to receive(:copy_stream)
-        .with('file content', instance_of(File))
-
-      subject.execute_download('http://some.url.remote/file')
-    end
-  end
 end