From 0cc038b67c231090827c1b4e71a32f65ee7c3d88 Mon Sep 17 00:00:00 2001
From: Mark Felder
Date: Mon, 5 Feb 2024 00:09:37 -0500
Subject: [PATCH] Ensure URLs with IP addresses for the host do not generate previews
---
 lib/pleroma/web/rich_media/helpers.ex | 3 +++
 test/pleroma/web/rich_media/helpers_test.exs | 12 +++++-------
 test/support/http_request_mock.ex | 3 ++-
 3 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/lib/pleroma/web/rich_media/helpers.ex b/lib/pleroma/web/rich_media/helpers.ex
index 9d6b8a38b2..1501776d98 100644
--- a/lib/pleroma/web/rich_media/helpers.ex
+++ b/lib/pleroma/web/rich_media/helpers.ex
@@ -29,6 +29,9 @@ defp validate_page_url(page_url) when is_binary(page_url) do
 defp validate_page_url(%URI{host: host, scheme: "https"}) do
 cond do
+ Linkify.Parser.ip?(host) ->
+ :error
+
 host in @config_impl.get([:rich_media, :ignore_hosts], []) ->
 :error
diff --git a/test/pleroma/web/rich_media/helpers_test.exs b/test/pleroma/web/rich_media/helpers_test.exs
index 8f6713ef8e..bf73724767 100644
--- a/test/pleroma/web/rich_media/helpers_test.exs
+++ b/test/pleroma/web/rich_media/helpers_test.exs
@@ -111,8 +111,6 @@ test "recrawls URLs on updates" do
 )
 end
- # This does not seem to work. The urls are being fetched.
- @tag skip: true
 test "refuses to crawl URLs of private network from posts" do
 user = insert(:user)
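Review bot: The `Linkify.Parser.ip?(host)` clause added to `validate_page_url/1` in lib/pleroma/web/rich_media/helpers.ex inspects only the host text of the URL, so a DNS name that resolves to a loopback or private address is not caught by it and depends entirely on the `ignore_hosts` clause below and whatever follows in the `cond`, which continues past the end of this hunk. If the HTTP client follows redirects, the redirect target is presumably not passed back through this validation either; that is worth confirming in the fetch path. A more robust guard would validate the address the connection is actually made to, and the clause deserves a why-comment such as `# Refuse IP-literal hosts so a post cannot make the server fetch internal addresses`.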
@@ -130,10 +128,10 @@ test "refuses to crawl URLs of private network from posts" do
 path -> Pleroma.Test.StaticConfig.get(path)
 end)
- assert %{} = Helpers.fetch_data_for_activity(activity)
- assert %{} = Helpers.fetch_data_for_activity(activity2)
- assert %{} = Helpers.fetch_data_for_activity(activity3)
- assert %{} = Helpers.fetch_data_for_activity(activity4)
- assert %{} = Helpers.fetch_data_for_activity(activity5)
+ assert %{} == Helpers.fetch_data_for_activity(activity)
+ assert %{} == Helpers.fetch_data_for_activity(activity2)
+ assert %{} == Helpers.fetch_data_for_activity(activity3)
+ assert %{} == Helpers.fetch_data_for_activity(activity4)
+ assert %{} == Helpers.fetch_data_for_activity(activity5)
 end
 end
diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex
index b220fd0517..df3371a75f 100644
--- a/test/support/http_request_mock.ex
+++ b/test/support/http_request_mock.ex
@@ -1549,7 +1549,8 @@ def post(url, query, body, headers) do
 "https://example.com/ogp-missing-data",
 "https://example.com/twitter-card",
 "https://google.com/",
- "https://yahoo.com/"
+ "https://yahoo.com/",
+ "https://pleroma.local/notice/9kCP7V"
 ]
 def head(url, _query, _body, _headers) when url in @rich_media_mocks do
 {:ok, %Tesla.Env{status: 404, body: ""}}
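Review bot: The `assert %{} == Helpers.fetch_data_for_activity(...)` lines in test/pleroma/web/rich_media/helpers_test.exs prove that the result is empty, not that no request was made, although the test is named "refuses to crawl". The same commit adds `"https://pleroma.local/notice/9kCP7V"` to `@rich_media_mocks` in test/support/http_request_mock.ex, where `head/4` answers with a 404, which suggests that at least this URL is still requested during the test and that an empty map would come back either way. The test would be stronger if any HTTP call made for these five activities failed it, for example by having the mock raise for those URLs instead of answering them. The activities and their URLs are built outside this hunk, so it is not visible whether an IPv6 literal is among them; if not, one should be added.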