Skip to content

G
gitlab-ce
Commit 29c62366 authored by Jonston Chan's avatar Jonston Chan
Browse files
Options

Fix a typo in the secure coding guidelines document

parent ba2f6dbc
Show whitespace changes
Inline Side-by-side
Showing with 1 addition and 1 deletion
doc/development/secure_coding_guidelines.md
View file @ 29c62366
......@@ -213,7 +213,7 @@ the mitigations for a new feature.
#### Feature-specific Mitigations
For situtions in which an allowlist or GitLab:HTTP cannot be used, it will be necessary to implement mitigations directly in the feature. It is best to validate the destination IP addresses themselves, not just domain names, as DNS can be controlled by the attacker. Below are a list of mitigations that should be implemented.
For situations in which an allowlist or GitLab:HTTP cannot be used, it will be necessary to implement mitigations directly in the feature. It is best to validate the destination IP addresses themselves, not just domain names, as DNS can be controlled by the attacker. Below are a list of mitigations that should be implemented.
**Important Note:** There are many tricks to bypass common SSRF validations. If feature-specific mitigations are necessary, they should be reviewed by the AppSec team, or a developer who has worked on SSRF mitigations previously.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7