FIX: Gracefully handle DNS issued from SSRF lookup when inline oneboxing (#19631)

There is an issue where chat message processing breaks due to unhandles `SocketError` exceptions originating in the SSRF check, specifically in `FinalDestination::Resolver`. This change gives `FinalDestination::SSRFDetector` a new error class to wrap the `SocketError` in, and haves the `RetrieveTitle` class handle that error gracefully.
2025-05-31 14:08:32 +08:00 · 2022-12-28 10:30:20 +08:00
parent 462e14e279
commit 06db264f24
4 changed files with 23 additions and 5 deletions
--- a/spec/lib/final_destination/ssrf_detector_spec.rb
+++ b/spec/lib/final_destination/ssrf_detector_spec.rb
@ -95,6 +95,13 @@ describe FinalDestination::SSRFDetector do
      )
    end

+    it "raises an exception if lookup fails" do
+      subject.stubs(:lookup_ips).raises(SocketError)
+      expect { subject.lookup_and_filter_ips("example.com") }.to raise_error(
+        subject::LookupFailedError,
+      )
+    end
+
    it "bypasses filtering for allowlisted hosts" do
      SiteSetting.allowed_internal_hosts = "example.com"
      subject.stubs(:lookup_ips).returns(["127.0.0.1"])