Commit ae108ff7 authored by lookatmike

Ignore invalid IPs in X-Forwarded-For when trusted proxies are configured.

parent e299504b
...@@ -36,6 +36,7 @@ v 8.11.0 (unreleased) ...@@ -36,6 +36,7 @@ v 8.11.0 (unreleased)
- Make error pages responsive (Takuya Noguchi) - Make error pages responsive (Takuya Noguchi)
- Change requests_profiles resource constraint to catch virtually any file - Change requests_profiles resource constraint to catch virtually any file
- Reduce number of queries made for merge_requests/:id/diffs - Reduce number of queries made for merge_requests/:id/diffs
- Ignore invalid IPs in X-Forwarded-For when trusted proxies are configured.
v 8.10.3 (unreleased) v 8.10.3 (unreleased)
- Fix hooks missing on imported GitLab projects - Fix hooks missing on imported GitLab projects
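Review bot: the added CHANGELOG entry ends with a full stop, while the neighbouring entries in this hunk ("Make error pages responsive", "Reduce number of queries made for merge_requests/:id/diffs") do not. Drop the trailing period so the line matches the rest of the 8.11.0 list.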
......
...@@ -7,6 +7,8 @@ module Rack ...@@ -7,6 +7,8 @@ module Rack
class Request class Request
def trusted_proxy?(ip) def trusted_proxy?(ip)
Rails.application.config.action_dispatch.trusted_proxies.any? { |proxy| proxy === ip } Rails.application.config.action_dispatch.trusted_proxies.any? { |proxy| proxy === ip }
rescue IPAddr::InvalidAddressError
false
end end
end end
end end
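Review bot: the method-level rescue in trusted_proxy? abandons the whole any? scan on the first IPAddr::InvalidAddressError, so any entries in trusted_proxies after the one that raised are never compared against ip. If the list can hold matchers other than IPAddr (the `proxy === ip` call accepts anything that responds to ===), move the rescue inside the block or validate ip once before iterating. A one-line comment saying that an unparsable X-Forwarded-For entry is deliberately treated as untrusted would also help, since the bare `false` does not explain that choice.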
......
...@@ -47,6 +47,12 @@ describe 'trusted_proxies', lib: true do ...@@ -47,6 +47,12 @@ describe 'trusted_proxies', lib: true do
expect(request.remote_ip).to eq('1.1.1.1') expect(request.remote_ip).to eq('1.1.1.1')
expect(request.ip).to eq('1.1.1.1') expect(request.ip).to eq('1.1.1.1')
end end
it 'handles invalid ip addresses' do
request = stub_request('HTTP_X_FORWARDED_FOR' => '(null), 1.1.1.1:12345, 1.1.1.1')
expect(request.remote_ip).to eq('1.1.1.1')
expect(request.ip).to eq('1.1.1.1')
end
end end
def stub_request(headers = {}) def stub_request(headers = {})
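Review bot: the new 'handles invalid ip addresses' example only places the malformed values ('(null)' and '1.1.1.1:12345') ahead of a valid final address, so it does not pin down what remote_ip and ip return when the malformed entry is the last one in the header or when every entry is malformed. Add examples for those orderings so the result for an unparsable client-supplied value is asserted explicitly and not left to whatever the underlying request class happens to do.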
......