Ensure URLs with IP addresses for the host do not generate previews

This commit is contained in:
Mark Felder 2024-02-05 00:09:37 -05:00
parent 579561e97b
commit 0cc038b67c
3 changed files with 10 additions and 8 deletions

View file

@ -29,6 +29,9 @@ defmodule Pleroma.Web.RichMedia.Helpers do
defp validate_page_url(%URI{host: host, scheme: "https"}) do defp validate_page_url(%URI{host: host, scheme: "https"}) do
cond do cond do
Linkify.Parser.ip?(host) ->
:error
host in @config_impl.get([:rich_media, :ignore_hosts], []) -> host in @config_impl.get([:rich_media, :ignore_hosts], []) ->
:error :error

View file

@ -111,8 +111,6 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do
) )
end end
# This does not seem to work. The urls are being fetched.
@tag skip: true
test "refuses to crawl URLs of private network from posts" do test "refuses to crawl URLs of private network from posts" do
user = insert(:user) user = insert(:user)
@ -130,10 +128,10 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do
path -> Pleroma.Test.StaticConfig.get(path) path -> Pleroma.Test.StaticConfig.get(path)
end) end)
assert %{} = Helpers.fetch_data_for_activity(activity) assert %{} == Helpers.fetch_data_for_activity(activity)
assert %{} = Helpers.fetch_data_for_activity(activity2) assert %{} == Helpers.fetch_data_for_activity(activity2)
assert %{} = Helpers.fetch_data_for_activity(activity3) assert %{} == Helpers.fetch_data_for_activity(activity3)
assert %{} = Helpers.fetch_data_for_activity(activity4) assert %{} == Helpers.fetch_data_for_activity(activity4)
assert %{} = Helpers.fetch_data_for_activity(activity5) assert %{} == Helpers.fetch_data_for_activity(activity5)
end end
end end

View file

@ -1549,7 +1549,8 @@ defmodule HttpRequestMock do
"https://example.com/ogp-missing-data", "https://example.com/ogp-missing-data",
"https://example.com/twitter-card", "https://example.com/twitter-card",
"https://google.com/", "https://google.com/",
"https://yahoo.com/" "https://yahoo.com/",
"https://pleroma.local/notice/9kCP7V"
] ]
def head(url, _query, _body, _headers) when url in @rich_media_mocks do def head(url, _query, _body, _headers) when url in @rich_media_mocks do
{:ok, %Tesla.Env{status: 404, body: ""}} {:ok, %Tesla.Env{status: 404, body: ""}}