misskey-dev/summaly
1
0
Fork 0
mirror of https://github.com/misskey-dev/summaly.git synced 2025-04-29 02:37:27 +09:00
Code Issues Packages Projects Releases Wiki Activity

Fix GHSA-jqx4-9gpq-rppm

Browse Source
This commit is contained in:
Julia Johannesen 2025-04-27 00:30:13 -04:00
parent 1b93243ff9
commit dfe6451012
No known key found for this signature in database
GPG Key ID: 4A1377AF3E7FBC46
2 changed files with 14 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/utils/got.ts
View File

@ -59,17 +59,6 @@ export async function scpaping(
) { ) {
const args = getGotOptions(url, opts); const args = getGotOptions(url, opts);
const headResponse = await getResponse({
...args,
method: 'HEAD',
});
// SUMMALY_ALLOW_PRIVATE_IPはテスト用
const allowPrivateIp = process.env.SUMMALY_ALLOW_PRIVATE_IP === 'true' || Object.keys(agent).length > 0;
if (!allowPrivateIp && headResponse.ip && PrivateIp(headResponse.ip)) {
throw new StatusError(`Private IP rejected ${headResponse.ip}`, 400, 'Private IP Rejected');
}
const response = await getResponse({ const response = await getResponse({
...args, ...args,
method: 'GET', method: 'GET',
@ -134,6 +123,14 @@ export async function getResponse(args: GotOptions) {
const res = await receiveResponse({ req, opts: args }); const res = await receiveResponse({ req, opts: args });
// SUMMALY_ALLOW_PRIVATE_IPはテスト用
// TODO: Try moving this to receiveResponse- ATM `got` doesn't provide a means
// to check the IP/response header data while streaming the response...
const allowPrivateIp = process.env.SUMMALY_ALLOW_PRIVATE_IP === 'true' || Object.keys(agent).length > 0;
if (!allowPrivateIp && res.ip && PrivateIp(res.ip)) {
throw new StatusError(`Private IP rejected ${res.ip}`, 400, 'Private IP Rejected');
}
// Check html // Check html
const contentType = res.headers['content-type']; const contentType = res.headers['content-type'];
if (args.typeFilter && !contentType?.match(args.typeFilter)) { if (args.typeFilter && !contentType?.match(args.typeFilter)) {

7
test/index.ts
View File

@ -45,6 +45,11 @@ function skippableTest(name: string, fn: () => void) {
} }
} }
beforeEach(() => {
// Allow private IPs by default, since a lot of the tests rely on old behvior
process.env.SUMMALY_ALLOW_PRIVATE_IP = 'true';
});
afterEach(async () => { afterEach(async () => {
if (app) { if (app) {
await app.close(); await app.close();
@ -93,7 +98,7 @@ skippableTest('Stage Bye Stage', async () => {
expect(summary).toEqual( expect(summary).toEqual(
{ {
'title': '【アイドルマスター】「Stage Bye Stage」(歌:島村卯月、渋谷凛、本田未央)', 'title': '【アイドルマスター】「Stage Bye Stage」(歌:島村卯月、渋谷凛、本田未央)',
'icon': 'https://www.youtube.com/s/desktop/711fd789/img/logos/favicon.ico', 'icon': 'https://www.youtube.com/s/desktop/78bc1359/img/logos/favicon.ico',
'description': 'Website▶https://columbia.jp/idolmaster/Playlist▶https://www.youtube.com/playlist?list=PL83A2998CF3BBC86D2018年7月18日発売予定THE IDOLM@STER CINDERELLA GIRLS CG STAR...', 'description': 'Website▶https://columbia.jp/idolmaster/Playlist▶https://www.youtube.com/playlist?list=PL83A2998CF3BBC86D2018年7月18日発売予定THE IDOLM@STER CINDERELLA GIRLS CG STAR...',
'thumbnail': 'https://i.ytimg.com/vi/NMIEAhH_fTU/maxresdefault.jpg', 'thumbnail': 'https://i.ytimg.com/vi/NMIEAhH_fTU/maxresdefault.jpg',
'player': { 'player': {