mirror of
https://github.com/discourse/discourse.git
synced 2025-05-28 13:51:18 +08:00
FIX: Gracefully handle DNS issued from SSRF lookup when inline oneboxing (#19631)
There is an issue where chat message processing breaks due to unhandles `SocketError` exceptions originating in the SSRF check, specifically in `FinalDestination::Resolver`. This change gives `FinalDestination::SSRFDetector` a new error class to wrap the `SocketError` in, and haves the `RetrieveTitle` class handle that error gracefully.
This commit is contained in:
@ -95,6 +95,13 @@ describe FinalDestination::SSRFDetector do
|
||||
)
|
||||
end
|
||||
|
||||
it "raises an exception if lookup fails" do
|
||||
subject.stubs(:lookup_ips).raises(SocketError)
|
||||
expect { subject.lookup_and_filter_ips("example.com") }.to raise_error(
|
||||
subject::LookupFailedError,
|
||||
)
|
||||
end
|
||||
|
||||
it "bypasses filtering for allowlisted hosts" do
|
||||
SiteSetting.allowed_internal_hosts = "example.com"
|
||||
subject.stubs(:lookup_ips).returns(["127.0.0.1"])
|
||||
|
Reference in New Issue
Block a user