authorMark Felder <feld@feld.me>2024-02-05 00:09:37 -0500
committerMark Felder <feld@feld.me>2024-02-05 00:09:37 -0500
commit0cc038b67c231090827c1b4e71a32f65ee7c3d88 (patch)
tree807c250040165fd768477586b9d5c1df534e865a
parent579561e97ba83183022d4bd2658522be6b6ae202 (diff)
Ensure URLs with IP addresses for the host do not generate previews
-rw-r--r--lib/pleroma/web/rich_media/helpers.ex3
-rw-r--r--test/pleroma/web/rich_media/helpers_test.exs12
-rw-r--r--test/support/http_request_mock.ex3
3 files changed, 10 insertions, 8 deletions
diff --git a/lib/pleroma/web/rich_media/helpers.ex b/lib/pleroma/web/rich_media/helpers.ex
index 9d6b8a38b..1501776d9 100644
--- a/lib/pleroma/web/rich_media/helpers.ex
+++ b/lib/pleroma/web/rich_media/helpers.ex
@@ -29,6 +29,9 @@ defmodule Pleroma.Web.RichMedia.Helpers do
defp validate_page_url(%URI{host: host, scheme: "https"}) do
cond do
+ Linkify.Parser.ip?(host) ->
+ :error
+
host in @config_impl.get([:rich_media, :ignore_hosts], []) ->
:error
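Review bot: The new `Linkify.Parser.ip?(host)` branch in `validate_page_url/1` inspects only the host string, so it rejects literal IP addresses but not a hostname that resolves to a loopback or private address. Name resolution and any redirect handling happen outside this hunk and are not visible here. If the aim is to keep the previewer off internal networks, the resolved address needs checking where the connection is made. This branch should carry a comment stating its limit, e.g. `# Rejects literal IP hosts only; names that resolve to private ranges are not caught here`. The `cond` continues past the end of the hunk, so later branches may already cover part of this.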
diff --git a/test/pleroma/web/rich_media/helpers_test.exs b/test/pleroma/web/rich_media/helpers_test.exs
index 8f6713ef8..bf7372476 100644
--- a/test/pleroma/web/rich_media/helpers_test.exs
+++ b/test/pleroma/web/rich_media/helpers_test.exs
@@ -111,8 +111,6 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do
)
end
- # This does not seem to work. The urls are being fetched.
- @tag skip: true
test "refuses to crawl URLs of private network from posts" do
user = insert(:user)
@@ -130,10 +128,10 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do
path -> Pleroma.Test.StaticConfig.get(path)
end)
- assert %{} = Helpers.fetch_data_for_activity(activity)
- assert %{} = Helpers.fetch_data_for_activity(activity2)
- assert %{} = Helpers.fetch_data_for_activity(activity3)
- assert %{} = Helpers.fetch_data_for_activity(activity4)
- assert %{} = Helpers.fetch_data_for_activity(activity5)
+ assert %{} == Helpers.fetch_data_for_activity(activity)
+ assert %{} == Helpers.fetch_data_for_activity(activity2)
+ assert %{} == Helpers.fetch_data_for_activity(activity3)
+ assert %{} == Helpers.fetch_data_for_activity(activity4)
+ assert %{} == Helpers.fetch_data_for_activity(activity5)
end
end
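Review bot: `assert %{} == Helpers.fetch_data_for_activity(...)` holds both when the URL is refused before any request and when a request is made and yields no metadata, so the test named "refuses to crawl URLs of private network from posts" does not show that nothing was fetched. The same commit adds `https://pleroma.local/notice/9kCP7V` to `@rich_media_mocks` in test/support/http_request_mock.ex, where the `head/4` clause answers 404, which suggests at least one of these activities still reaches the HTTP layer. Consider having the mock fail the test for hosts that must never be contacted, or at minimum add `# An empty map is also what a failed fetch returns; this does not prove no request was sent` above the assertions. The test body starts outside this hunk, so the URLs behind `activity` through `activity5` are not visible here.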
diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex
index b220fd051..df3371a75 100644
--- a/test/support/http_request_mock.ex
+++ b/test/support/http_request_mock.ex
@@ -1549,7 +1549,8 @@ defmodule HttpRequestMock do
"https://example.com/ogp-missing-data",
"https://example.com/twitter-card",
"https://google.com/",
- "https://yahoo.com/"
+ "https://yahoo.com/",
+ "https://pleroma.local/notice/9kCP7V"
]
def head(url, _query, _body, _headers) when url in @rich_media_mocks do
{:ok, %Tesla.Env{status: 404, body: ""}}