From 0276cf5a02f555938a7a3e71b6ab24228b1a5fda Mon Sep 17 00:00:00 2001
From: Maksim Pechnikov
Date: Tue, 25 Jun 2019 15:52:53 +0300
Subject: fix validate_url for private ip
---
 lib/pleroma/web/rich_media/helpers.ex | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
(limited to 'lib')
diff --git a/lib/pleroma/web/rich_media/helpers.ex b/lib/pleroma/web/rich_media/helpers.ex
index 94f56f70d..473ff800f 100644
--- a/lib/pleroma/web/rich_media/helpers.ex
+++ b/lib/pleroma/web/rich_media/helpers.ex
@@ -8,13 +8,21 @@ defmodule Pleroma.Web.RichMedia.Helpers do
 alias Pleroma.Object
 alias Pleroma.Web.RichMedia.Parser
+ @private_ip_regexp ~r/(127\.)|(10\.\d+\.\d+.\d+)|(192\.168\.)
+ |(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(localhost)/
+
 defp validate_page_url(page_url) when is_binary(page_url) do
 validate_tld = Application.get_env(:auto_linker, :opts)[:validate_tld]
- if AutoLinker.Parser.url?(page_url, scheme: true, validate_tld: validate_tld) do
- URI.parse(page_url) |> validate_page_url
- else
- :error
+ cond do
+ Regex.match?(@private_ip_regexp, page_url) ->
+ :error
+
+ AutoLinker.Parser.url?(page_url, scheme: true, validate_tld: validate_tld) ->
+ URI.parse(page_url) |> validate_page_url
+
+ true ->
+ :error
 end
 end
-- 
cgit v1.2.3
From 4ad15ad2a90ca1ac370c8a79f796adc603a90479 Mon Sep 17 00:00:00 2001
From: Maksim Pechnikov
Date: Tue, 25 Jun 2019 22:25:37 +0300
Subject: add ignore hosts and TLDs for rich_media
---
 lib/pleroma/web/rich_media/helpers.ex | 40 +++++++++++++++++++++++++----------
 1 file changed, 29 insertions(+), 11 deletions(-)
(limited to 'lib')
diff --git a/lib/pleroma/web/rich_media/helpers.ex b/lib/pleroma/web/rich_media/helpers.ex
index 473ff800f..4ece3e846 100644
--- a/lib/pleroma/web/rich_media/helpers.ex
+++ b/lib/pleroma/web/rich_media/helpers.ex
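Review bot: In the first commit's hunk, `@private_ip_regexp` is split over two lines without the `x` modifier, so the line break (and any indentation on the continuation line) becomes a literal part of the `(192\.168\.)` alternative, which then cannot match a normal URL; the `^172\.` alternatives are anchored to the start of the string, but `Regex.match?` is given the whole `page_url` including its scheme, so they cannot match either. The unanchored `(127\.)`, `(10\.\d+\.\d+.\d+)` and `(localhost)` alternatives do the opposite and match anywhere in the URL, so an ordinary public URL with such text in its path or query is rejected. I would test the parsed host instead of the raw string, e.g. `%URI{host: host} = URI.parse(page_url)` and a single-line pattern such as `~r/^(localhost$|127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)/` applied only when `is_binary(host)`. A check on the host string still says nothing about names that resolve to internal addresses, so the code that performs the fetch (not visible in this hunk) should validate the resolved address as well.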
@@ -4,35 +4,53 @@
 defmodule Pleroma.Web.RichMedia.Helpers do
 alias Pleroma.Activity
+ alias Pleroma.Config
 alias Pleroma.HTML
 alias Pleroma.Object
 alias Pleroma.Web.RichMedia.Parser
- @private_ip_regexp ~r/(127\.)|(10\.\d+\.\d+.\d+)|(192\.168\.)
- |(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(localhost)/
+ @validate_tld Application.get_env(:auto_linker, :opts)[:validate_tld]
+ @spec validate_page_url(any()) :: :ok | :error
 defp validate_page_url(page_url) when is_binary(page_url) do
- validate_tld = Application.get_env(:auto_linker, :opts)[:validate_tld]
+ page_url
+ |> AutoLinker.Parser.url?(scheme: true, validate_tld: @validate_tld)
+ |> parse_uri(page_url)
+ end
+ defp validate_page_url(%URI{host: host, scheme: scheme, authority: authority})
+ when scheme == "https" and not is_nil(authority) do
 cond do
- Regex.match?(@private_ip_regexp, page_url) ->
+ host in Config.get([:rich_media, :ignore_hosts], []) ->
 :error
- AutoLinker.Parser.url?(page_url, scheme: true, validate_tld: validate_tld) ->
- URI.parse(page_url) |> validate_page_url
+ get_tld(host) in Config.get([:rich_media, :ignore_tld], []) ->
+ :error
 true ->
- :error
+ :ok
 end
 end
- defp validate_page_url(%URI{authority: nil}), do: :error
- defp validate_page_url(%URI{scheme: nil}), do: :error
- defp validate_page_url(%URI{}), do: :ok
 defp validate_page_url(_), do: :error
+ defp parse_uri(true, url) do
+ url
+ |> URI.parse()
+ |> validate_page_url
+ end
+
+ defp parse_uri(_, _), do: :error
+
+ defp get_tld(host) do
+ host
+ |> String.split(".")
+ |> Enum.reverse()
+ |> hd
+ end
+
 def fetch_data_for_activity(%Activity{data: %{"type" => "Create"}} = activity) do
- with true <- Pleroma.Config.get([:rich_media, :enabled]),
+ with true <- Config.get([:rich_media, :enabled]),
 %Object{} = object <- Object.normalize(activity),
 false <- object.data["sensitive"] || false,
 {:ok, page_url} <- HTML.extract_first_external_url(object, object.data["content"]),
-- 
cgit v1.2.3
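Review bot: The new `%URI{}` clause of `validate_page_url` fails open: `Config.get([:rich_media, :ignore_hosts], [])` and `Config.get([:rich_media, :ignore_tld], [])` both fall back to an empty list, and the private-address rejection from the previous commit is removed in the same hunk, so unless an operator fills both lists every `https` URL with an authority returns `:ok`. Exact list membership also cannot express an address range, and the host is compared without normalization: `get_tld/1` returns `""` for a host written with a trailing dot, and as far as I know `URI.parse/1` does not lower-case the host, so such hosts would never equal a configured entry. I would normalize once before both checks with `host = host |> String.downcase() |> String.trim_trailing(".")` and keep a built-in rejection of loopback and private ranges that configuration can extend but not switch off. `fetch_data_for_activity/1` continues past the end of the hunk, so how the `:ok` result is used is not visible here.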
From 5c0f646cef37e1abc02f5c8a64205d81b2d4d4c4 Mon Sep 17 00:00:00 2001
From: Maksim Pechnikov
Date: Wed, 26 Jun 2019 06:24:12 +0300
Subject: fix validate_page_url
---
 lib/pleroma/web/rich_media/helpers.ex | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'lib')
diff --git a/lib/pleroma/web/rich_media/helpers.ex b/lib/pleroma/web/rich_media/helpers.ex
index 4ece3e846..6506de46c 100644
--- a/lib/pleroma/web/rich_media/helpers.ex
+++ b/lib/pleroma/web/rich_media/helpers.ex
@@ -9,12 +9,12 @@ defmodule Pleroma.Web.RichMedia.Helpers do
 alias Pleroma.Object
 alias Pleroma.Web.RichMedia.Parser
- @validate_tld Application.get_env(:auto_linker, :opts)[:validate_tld]
-
 @spec validate_page_url(any()) :: :ok | :error
 defp validate_page_url(page_url) when is_binary(page_url) do
+ validate_tld = Application.get_env(:auto_linker, :opts)[:validate_tld]
+
 page_url
- |> AutoLinker.Parser.url?(scheme: true, validate_tld: @validate_tld)
+ |> AutoLinker.Parser.url?(scheme: true, validate_tld: validate_tld)
 |> parse_uri(page_url)
 end
-- 
cgit v1.2.3
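Review bot: Nothing in the new body of `validate_page_url/1` says why `validate_tld` is read inside the function, so a later clean-up could hoist it back into a module attribute and freeze the `:auto_linker` options at compile time again; a comment above the lookup would prevent that, e.g. `# Read at call time: a module attribute would capture the auto_linker opts at compile time.` The lookup also evaluates to `nil` when `:opts` or its `:validate_tld` key is unset and passes that straight through as `validate_tld: nil`; how `AutoLinker.Parser.url?/2` treats `nil` is not visible in this hunk. If TLD validation is meant to be on by default, stating it explicitly would make the behaviour deterministic, for instance `Keyword.get(Application.get_env(:auto_linker, :opts, []), :validate_tld, true)`, assuming `:opts` is a keyword list.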