FIX: Gracefully handle DNS issued from SSRF lookup when inline oneboxing (#19631)

There is an issue where chat message processing breaks due to
unhandles `SocketError` exceptions originating in the SSRF check,
specifically in `FinalDestination::Resolver`.

This change gives `FinalDestination::SSRFDetector` a new error class
to wrap the `SocketError` in, and haves the `RetrieveTitle` class
handle that error gracefully.
This commit is contained in:
Ted Johansson
2022-12-28 10:30:20 +08:00
committed by GitHub
parent 462e14e279
commit 06db264f24
4 changed files with 23 additions and 5 deletions

View File

@ -95,6 +95,13 @@ describe FinalDestination::SSRFDetector do
)
end
it "raises an exception if lookup fails" do
subject.stubs(:lookup_ips).raises(SocketError)
expect { subject.lookup_and_filter_ips("example.com") }.to raise_error(
subject::LookupFailedError,
)
end
it "bypasses filtering for allowlisted hosts" do
SiteSetting.allowed_internal_hosts = "example.com"
subject.stubs(:lookup_ips).returns(["127.0.0.1"])