commit: 0cc038b67c231090827c1b4e71a32f65ee7c3d88
parent 579561e97ba83183022d4bd2658522be6b6ae202
Author: Mark Felder <feld@feld.me>
Date:   Mon,  5 Feb 2024 00:09:37 -0500

Ensure URLs with IP addresses for the host do not generate previews

Diffstat:

Mlib/pleroma/web/rich_media/helpers.ex3+++
Mtest/pleroma/web/rich_media/helpers_test.exs12+++++-------
Mtest/support/http_request_mock.ex3++-
3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/lib/pleroma/web/rich_media/helpers.ex b/lib/pleroma/web/rich_media/helpers.ex
@@ -29,6 +29,9 @@ defmodule Pleroma.Web.RichMedia.Helpers do
defp validate_page_url(%URI{host: host, scheme: "https"}) do
cond do
+ Linkify.Parser.ip?(host) ->
+ :error
+
host in @config_impl.get([:rich_media, :ignore_hosts], []) ->
:error
diff --git a/test/pleroma/web/rich_media/helpers_test.exs b/test/pleroma/web/rich_media/helpers_test.exs
@@ -111,8 +111,6 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do
)
end
- # This does not seem to work. The urls are being fetched.
- @tag skip: true
test "refuses to crawl URLs of private network from posts" do
user = insert(:user)
@@ -130,10 +128,10 @@ defmodule Pleroma.Web.RichMedia.HelpersTest do
path -> Pleroma.Test.StaticConfig.get(path)
end)
- assert %{} = Helpers.fetch_data_for_activity(activity)
- assert %{} = Helpers.fetch_data_for_activity(activity2)
- assert %{} = Helpers.fetch_data_for_activity(activity3)
- assert %{} = Helpers.fetch_data_for_activity(activity4)
- assert %{} = Helpers.fetch_data_for_activity(activity5)
+ assert %{} == Helpers.fetch_data_for_activity(activity)
+ assert %{} == Helpers.fetch_data_for_activity(activity2)
+ assert %{} == Helpers.fetch_data_for_activity(activity3)
+ assert %{} == Helpers.fetch_data_for_activity(activity4)
+ assert %{} == Helpers.fetch_data_for_activity(activity5)
end
end
diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex
@@ -1549,7 +1549,8 @@ defmodule HttpRequestMock do
"https://example.com/ogp-missing-data",
"https://example.com/twitter-card",
"https://google.com/",
- "https://yahoo.com/"
+ "https://yahoo.com/",
+ "https://pleroma.local/notice/9kCP7V"
]
def head(url, _query, _body, _headers) when url in @rich_media_mocks do
{:ok, %Tesla.Env{status: 404, body: ""}}
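Review bot: The new `Linkify.Parser.ip?(host)` clause in `validate_page_url/1` inspects only the literal host string, so it rejects a URL whose host is written as an IP address but not a hostname that resolves to a loopback, link-local or private address, nor a redirect that ends on one. If the goal is to keep the preview fetcher off internal networks, the address has to be checked after resolution, at connection time. At minimum the limit should be stated next to the clause, e.g. `# Rejects IP-literal hosts only; names that resolve to private ranges are not checked here`. The rest of the `cond` and the function's other clauses lie outside this hunk, so part of this may already be handled there.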
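Review bot: The test re-enabled in the first hunk is still named "refuses to crawl URLs of private network from posts", while the check it now exercises rejects every IP-literal host, public or private; a name such as `test "refuses to crawl URLs with an IP address as host"` would match what is asserted. In the second hunk the five `assert %{} == Helpers.fetch_data_for_activity(...)` lines could be one loop, `for a <- [activity, activity2, activity3, activity4, activity5], do: assert(%{} == Helpers.fetch_data_for_activity(a))`. The activities are built outside both hunks, so it is not visible whether an IPv6 literal host is among them; if it is not, one more case for it would pin that path as well.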