SECURITY: SSRF vulnerability in TopicEmbed

Block redirects when making the final request in TopicEmbed to prevent Server Side Request Forgery (SSRF)
Krzysztof Kotlarek 2023-11-09 13:47:21 +11:00
parent 2ec2510517
commit 24cca10da7
2 changed files with 15 additions and 2 deletions


@ -126,8 +126,8 @@ class TopicEmbed < ActiveRecord::Base
return if uri.blank?
begin
html = uri.read
rescue OpenURI::HTTPError, Net::OpenTimeout
html = FinalDestination::HTTP.get(uri)
rescue OpenURI::HTTPError, Net::OpenTimeout, FinalDestination::SSRFDetector::DisallowedIpError
return
end
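Review bot: The rescue on the new line still names `OpenURI::HTTPError`, but the fetch now goes through `FinalDestination::HTTP.get(uri)` rather than open-uri's `uri.read`, so a 4xx/5xx response presumably no longer raises on this path and the error-page body would flow into whatever parses `html` below, where previously the method bailed out with `return`. Net::HTTP-level failures other than `Net::OpenTimeout` (`Net::ReadTimeout`, `SocketError`, `Errno::ECONNREFUSED`) are not rescued either and would surface to the caller. Unless `FinalDestination::HTTP.get` is known to raise on non-2xx (not visible here), consider checking the response status or widening the rescue, e.g. `rescue OpenURI::HTTPError, Net::OpenTimeout, Net::ReadTimeout, SocketError, FinalDestination::SSRFDetector::DisallowedIpError`. The enclosing method starts above the hunk, so the earlier `resolve` step and the use of `html` afterwards cannot be checked from this view.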


@ -299,6 +299,19 @@ RSpec.describe TopicEmbed do
response = TopicEmbed.find_remote(url)
expect(response.title).to eq("Through the Looking Glass")
end
it "doesn't follow redirect when making request" do
FinalDestination.any_instance.stubs(:resolve).returns(URI("https://redirect.com"))
stub_request(:get, "https://redirect.com/").to_return(
status: 301,
body: "<title>Moved permanently</title>",
headers: {
"Location" => "https://www.example.org/",
},
)
response = TopicEmbed.find_remote(url)
expect(response.title).to eq("Moved permanently")
end
end
context 'with post with allowed classes "foo" and "emoji"' do
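Review bot: The new spec covers the redirect-not-followed case but nothing exercises the `FinalDestination::SSRFDetector::DisallowedIpError` rescue that the same commit adds to the model, so the early `return` on that path is untested. A companion example that makes `FinalDestination::HTTP.get` raise the error and asserts a nil result would pin that behaviour; the bare `return` in the rescue yields nil, assuming `find_remote` is the method the hunk patches (its `def` is outside the other hunk). The existing example could also assert explicitly that the redirect target was never fetched, which WebMock only enforces implicitly by raising on unstubbed requests.
```ruby
it "returns nil when the final request hits a disallowed address" do
  FinalDestination.any_instance.stubs(:resolve).returns(URI("https://redirect.com"))
  FinalDestination::HTTP.stubs(:get).raises(FinalDestination::SSRFDetector::DisallowedIpError)
  expect(TopicEmbed.find_remote(url)).to be_nil
end
```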