SECURITY: SSRF vulnerability in TopicEmbed

Block redirects when making the final request in TopicEmbed to prevent Server Side Request Forgery (SSRF)
2025-06-04 23:36:11 +08:00 · 2023-10-27 14:02:20 +11:00
parent 7d484864fe
commit 5f20748e40
2 changed files with 15 additions and 2 deletions
--- a/spec/models/topic_embed_spec.rb
+++ b/spec/models/topic_embed_spec.rb
@ -299,6 +299,19 @@ RSpec.describe TopicEmbed do
        response = TopicEmbed.find_remote(url)
        expect(response.title).to eq("Through the Looking Glass")
      end
+
+      it "doesn't follow redirect when making request" do
+        FinalDestination.any_instance.stubs(:resolve).returns(URI("https://redirect.com"))
+        stub_request(:get, "https://redirect.com/").to_return(
+          status: 301,
+          body: "<title>Moved permanently</title>",
+          headers: {
+            "Location" => "https://www.example.org/",
+          },
+        )
+        response = TopicEmbed.find_remote(url)
+        expect(response.title).to eq("Moved permanently")
+      end
    end

    context 'with post with allowed classes "foo" and "emoji"' do