syuilo
2021-12-17 13:59:25 +09:00
parent 6b918be692
commit bbc2e44526
3 changed files with 33 additions and 8 deletions


@ -74,8 +74,12 @@ export default async (url: URL.Url, lang: string = null): Promise<Summary> => {
const find = async (path: string) => {
const target = URL.resolve(url.href, path);
const res = await head(target);
return res.statusCode === 200 ? target : null;
try {
await head(target);
return target;
} catch (e) {
return null;
}
};
// 相対的なURL (ex. test) を絶対的 (ex. /test) に変換
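Review bot: The bare `catch (e)` in `find` maps every failure of `head(target)` to `null`, so a timeout, a DNS error or a rejection raised by a safety check is reported the same way as a missing resource, and `e` is never used. If that is intended, say so in the code, e.g. `// head() throws on any failure; every failure counts as "not found"`, and consider logging unexpected errors. `target` is built from the fetched page's URL, and the private-address guard in this commit is added only in `scpaping`; whether `head` applies an equivalent guard is not visible here and is worth confirming. The enclosing exported function starts and ends outside the hunk.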


@ -1,5 +1,3 @@
import * as stream from 'stream';
import * as util from 'util';
import { version } from '../../package.json';
import got, * as Got from 'got';
import { StatusError } from './status-error';
@ -7,14 +5,12 @@ import { detectEncoding, toUtf8 } from './encoding';
import * as cheerio from 'cheerio';
const PrivateIp = require('private-ip');
const pipeline = util.promisify(stream.pipeline);
const RESPONSE_TIMEOUT = 20 * 1000;
const OPERATION_TIMEOUT = 60 * 1000;
const MAX_RESPONSE_SIZE = 10 * 1024 * 1024;
const BOT_UA = `SummalyBot/${version}`;
export async function scpaping(url: string, opts?: { lang?: string }) {
export async function scpaping(url: string, opts?: { lang?: string; }) {
const response = await getResponse({
url,
method: 'GET',
@ -26,7 +22,10 @@ export async function scpaping(url: string, opts?: { lang?: string }) {
typeFilter: /^text\/html/,
});
if (response.ip && PrivateIp(response.ip)) {
// テスト用
const allowPrivateIp = process.env.SUMMALY_ALLOW_PRIVATE_IP === 'true';
if (!allowPrivateIp && response.ip && PrivateIp(response.ip)) {
throw new StatusError(`Private IP rejected ${response.ip}`, 400, 'Private IP Rejected');
}
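Review bot: The new `SUMMALY_ALLOW_PRIVATE_IP` switch in `scpaping` turns off the only private-address guard visible here for any process that has the variable set, although the comment marks it as test-only. Tying it to the test environment would keep a stray production setting from disabling the guard, e.g. `const allowPrivateIp = process.env.NODE_ENV === 'test' && process.env.SUMMALY_ALLOW_PRIVATE_IP === 'true';` (the test setup in this commit already sets `NODE_ENV`). Separately, the guard runs only after `getResponse` has returned and is skipped when `response.ip` is falsy, so the request has already been made to the private host by then and a response without an `ip` passes unchecked; rejecting before the connection is made, and treating a missing `ip` as a rejection, would close both gaps. The body of `scpaping` continues outside the hunk.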


@ -16,6 +16,7 @@ Error.stackTraceLimit = Infinity;
// During the test the env variable is set to test
process.env.NODE_ENV = 'test';
process.env.SUMMALY_ALLOW_PRIVATE_IP = 'true';
// Display detail of unhandled promise rejection
process.on('unhandledRejection', console.dir);
@ -68,6 +69,27 @@ it('titleがcleanupされる', done => {
});
});
describe('Private IP blocking', () => {
before(() => {
process.env.SUMMALY_ALLOW_PRIVATE_IP = 'false';
});
it('private ipなサーバーの情報を取得できない', done => {
const app = express();
app.get('/', (req, res) => {
res.sendFile(__dirname + '/htmls/og-title.html');
});
server = app.listen(port, async () => {
await assert.rejects(async () => await summaly(host));
done();
});
});
after(() => {
process.env.SUMMALY_ALLOW_PRIVATE_IP = 'true';
});
});
describe('OGP', () => {
it('title', done => {
const app = express();
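Review bot: `assert.rejects(async () => await summaly(host))` in the 'Private IP blocking' test accepts any rejection, so the test also passes when `summaly` fails for an unrelated reason such as a connection error, without the guard being exercised. Pinning the expected error makes it a real regression test, for example `await assert.rejects(summaly(host), /Private IP rejected/);`, assuming the `StatusError` message reaches the caller unchanged. Because the assertion is awaited inside the `listen` callback, a failed assertion never reaches `done()` and would show up as a timeout plus an unhandled rejection rather than a clear failure; wrapping it in `try`/`catch` and calling `done(err)` avoids that. The `after` hook restores the variable to a hard-coded `'true'` rather than the value saved in `before`.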