SECURITY: Improve SSRF protections (#144)
See https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr
This commit is contained in:
David Taylor
GitHub
parent
7b8a1a3960
commit
820d04d1b2
|
|
@ -12,7 +12,7 @@ module DiscourseChatIntegration
|
|||
].freeze
|
||||
|
||||
def self.send_message(url, message)
|
||||
http = Net::HTTP.new("discord.com", 443)
|
||||
http = FinalDestination::HTTP.new("discord.com", 443)
|
||||
http.use_ssl = true
|
||||
|
||||
uri = URI(url)
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ module DiscourseChatIntegration::Provider::FlowdockProvider
|
|||
def self.send_message(url, message)
|
||||
uri = URI(url)
|
||||
|
||||
http = Net::HTTP.new(uri.host, uri.port)
|
||||
http = FinalDestination::HTTP.new(uri.host, uri.port)
|
||||
http.use_ssl = true
|
||||
|
||||
req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ module DiscourseChatIntegration
|
|||
message = get_message(post)
|
||||
uri = URI(channel.data['webhook_url'])
|
||||
|
||||
http = Net::HTTP.new(uri.host, uri.port)
|
||||
http = FinalDestination::HTTP.new(uri.host, uri.port)
|
||||
http.use_ssl = (uri.scheme == 'https')
|
||||
|
||||
req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ module DiscourseChatIntegration::Provider::GroupmeProvider
|
|||
instance_names.each { |instance_name|
|
||||
bot_id = name_to_id["#{instance_name}"]
|
||||
uri = URI("https://api.groupme.com/v3/bots/post")
|
||||
http = Net::HTTP.new(uri.host, uri.port)
|
||||
http = FinalDestination::HTTP.new(uri.host, uri.port)
|
||||
http.use_ssl = (uri.scheme == 'https')
|
||||
req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')
|
||||
message[:bot_id] = bot_id
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@ module DiscourseChatIntegration
|
|||
|
||||
def self.send_message(url, message)
|
||||
uri = URI(url)
|
||||
http = Net::HTTP.new(uri.host, uri.port)
|
||||
http = FinalDestination::HTTP.new(uri.host, uri.port)
|
||||
http.use_ssl = (uri.scheme == 'https')
|
||||
|
||||
req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ module DiscourseChatIntegration
|
|||
|
||||
uri = URI([url, url_params].join('?'))
|
||||
|
||||
http = Net::HTTP.new(uri.host, uri.port)
|
||||
http = FinalDestination::HTTP.new(uri.host, uri.port)
|
||||
http.use_ssl = true
|
||||
|
||||
req = Net::HTTP::Put.new(uri, 'Content-Type' => 'application/json')
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ module DiscourseChatIntegration
|
|||
|
||||
uri = URI(SiteSetting.chat_integration_mattermost_webhook_url)
|
||||
|
||||
http = Net::HTTP.new(uri.host, uri.port)
|
||||
http = FinalDestination::HTTP.new(uri.host, uri.port)
|
||||
http.use_ssl = (uri.scheme == 'https')
|
||||
req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')
|
||||
req.body = message.to_json
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ module DiscourseChatIntegration::Provider::RocketchatProvider
|
|||
def self.send_via_webhook(message)
|
||||
uri = URI(SiteSetting.chat_integration_rocketchat_webhook_url)
|
||||
|
||||
http = Net::HTTP.new(uri.host, uri.port)
|
||||
http = FinalDestination::HTTP.new(uri.host, uri.port)
|
||||
http.use_ssl = (uri.scheme == 'https')
|
||||
|
||||
req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')
|
||||
|
|
|
|||
|
|
@ -137,7 +137,7 @@ module DiscourseChatIntegration::Provider::SlackProvider
|
|||
end
|
||||
|
||||
def self.send_via_webhook(message)
|
||||
http = Net::HTTP.new("hooks.slack.com", 443)
|
||||
http = FinalDestination::HTTP.new("hooks.slack.com", 443)
|
||||
http.use_ssl = true
|
||||
req = Net::HTTP::Post.new(URI(SiteSetting.chat_integration_slack_outbound_webhook_url), 'Content-Type' => 'application/json')
|
||||
req.body = message.to_json
|
||||
|
|
@ -170,7 +170,7 @@ module DiscourseChatIntegration::Provider::SlackProvider
|
|||
end
|
||||
|
||||
def self.slack_api_http
|
||||
http = Net::HTTP.new("slack.com", 443)
|
||||
http = FinalDestination::HTTP.new("slack.com", 443)
|
||||
http.use_ssl = true
|
||||
http.read_timeout = 5 # seconds
|
||||
http
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ module DiscourseChatIntegration::Provider::TeamsProvider
|
|||
message = get_message(post)
|
||||
uri = URI(channel.data['webhook_url'])
|
||||
|
||||
http = Net::HTTP.new(uri.host, uri.port)
|
||||
http = FinalDestination::HTTP.new(uri.host, uri.port)
|
||||
http.use_ssl = (uri.scheme == 'https')
|
||||
|
||||
req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@ module DiscourseChatIntegration
|
|||
end
|
||||
|
||||
def self.do_api_request(methodName, message)
|
||||
http = Net::HTTP.new("api.telegram.org", 443)
|
||||
http = FinalDestination::HTTP.new("api.telegram.org", 443)
|
||||
http.use_ssl = true
|
||||
|
||||
access_token = SiteSetting.chat_integration_telegram_access_token
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ module DiscourseChatIntegration::Provider::WebexProvider
|
|||
message = get_message(post)
|
||||
uri = URI(channel.data['webhook_url'])
|
||||
|
||||
http = Net::HTTP.new(uri.host, uri.port)
|
||||
http = FinalDestination::HTTP.new(uri.host, uri.port)
|
||||
http.use_ssl = (uri.scheme == 'https')
|
||||
|
||||
req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ module DiscourseChatIntegration
|
|||
def self.send_message(message)
|
||||
uri = URI("#{SiteSetting.chat_integration_zulip_server}/api/v1/messages")
|
||||
|
||||
http = Net::HTTP.new(uri.host, uri.port)
|
||||
http = FinalDestination::HTTP.new(uri.host, uri.port)
|
||||
http.use_ssl = (uri.scheme == 'https')
|
||||
|
||||
req = Net::HTTP::Post.new(uri)
|
||||
|
|
|
|||
Loading…
Reference in New Issue