discourse
/
discourse-chat-integration
mirror of https://github.com/discourse/discourse-chat-integration.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SECURITY: Improve SSRF protections (#144) 

See https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr
This commit is contained in:
David Taylor 2022-11-01 17:36:56 +00:00 committed by GitHub
parent 7b8a1a3960
commit 820d04d1b2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/discourse_chat_integration/provider/discord/discord_provider.rb
View File

@ -12,7 +12,7 @@ module DiscourseChatIntegration
].freeze ].freeze
def self.send_message(url, message) def self.send_message(url, message)
http = Net::HTTP.new("discord.com", 443) http = FinalDestination::HTTP.new("discord.com", 443)
http.use_ssl = true http.use_ssl = true
uri = URI(url) uri = URI(url)

2
lib/discourse_chat_integration/provider/flowdock/flowdock_provider.rb
View File

@ -11,7 +11,7 @@ module DiscourseChatIntegration::Provider::FlowdockProvider
def self.send_message(url, message) def self.send_message(url, message)
uri = URI(url) uri = URI(url)
http = Net::HTTP.new(uri.host, uri.port) http = FinalDestination::HTTP.new(uri.host, uri.port)
http.use_ssl = true http.use_ssl = true
req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json') req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')

2
lib/discourse_chat_integration/provider/google/google_provider.rb
View File

@ -14,7 +14,7 @@ module DiscourseChatIntegration
message = get_message(post) message = get_message(post)
uri = URI(channel.data['webhook_url']) uri = URI(channel.data['webhook_url'])
http = Net::HTTP.new(uri.host, uri.port) http = FinalDestination::HTTP.new(uri.host, uri.port)
http.use_ssl = (uri.scheme == 'https') http.use_ssl = (uri.scheme == 'https')
req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json') req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')

2
lib/discourse_chat_integration/provider/groupme/groupme_provider.rb
View File

@ -46,7 +46,7 @@ module DiscourseChatIntegration::Provider::GroupmeProvider
instance_names.each { |instance_name| instance_names.each { |instance_name|
bot_id = name_to_id["#{instance_name}"] bot_id = name_to_id["#{instance_name}"]
uri = URI("https://api.groupme.com/v3/bots/post") uri = URI("https://api.groupme.com/v3/bots/post")
http = Net::HTTP.new(uri.host, uri.port) http = FinalDestination::HTTP.new(uri.host, uri.port)
http.use_ssl = (uri.scheme == 'https') http.use_ssl = (uri.scheme == 'https')
req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json') req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')
message[:bot_id] = bot_id message[:bot_id] = bot_id

2
lib/discourse_chat_integration/provider/guilded/guilded_provider.rb
View File

@ -53,7 +53,7 @@ module DiscourseChatIntegration
def self.send_message(url, message) def self.send_message(url, message)
uri = URI(url) uri = URI(url)
http = Net::HTTP.new(uri.host, uri.port) http = FinalDestination::HTTP.new(uri.host, uri.port)
http.use_ssl = (uri.scheme == 'https') http.use_ssl = (uri.scheme == 'https')
req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json') req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')

2
lib/discourse_chat_integration/provider/matrix/matrix_provider.rb
View File

@ -21,7 +21,7 @@ module DiscourseChatIntegration
uri = URI([url, url_params].join('?')) uri = URI([url, url_params].join('?'))
http = Net::HTTP.new(uri.host, uri.port) http = FinalDestination::HTTP.new(uri.host, uri.port)
http.use_ssl = true http.use_ssl = true
req = Net::HTTP::Put.new(uri, 'Content-Type' => 'application/json') req = Net::HTTP::Put.new(uri, 'Content-Type' => 'application/json')

2
lib/discourse_chat_integration/provider/mattermost/mattermost_provider.rb
View File

@ -13,7 +13,7 @@ module DiscourseChatIntegration
uri = URI(SiteSetting.chat_integration_mattermost_webhook_url) uri = URI(SiteSetting.chat_integration_mattermost_webhook_url)
http = Net::HTTP.new(uri.host, uri.port) http = FinalDestination::HTTP.new(uri.host, uri.port)
http.use_ssl = (uri.scheme == 'https') http.use_ssl = (uri.scheme == 'https')
req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json') req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')
req.body = message.to_json req.body = message.to_json

2
lib/discourse_chat_integration/provider/rocketchat/rocketchat_provider.rb
View File

@ -45,7 +45,7 @@ module DiscourseChatIntegration::Provider::RocketchatProvider
def self.send_via_webhook(message) def self.send_via_webhook(message)
uri = URI(SiteSetting.chat_integration_rocketchat_webhook_url) uri = URI(SiteSetting.chat_integration_rocketchat_webhook_url)
http = Net::HTTP.new(uri.host, uri.port) http = FinalDestination::HTTP.new(uri.host, uri.port)
http.use_ssl = (uri.scheme == 'https') http.use_ssl = (uri.scheme == 'https')
req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json') req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')

4
lib/discourse_chat_integration/provider/slack/slack_provider.rb
View File

@ -137,7 +137,7 @@ module DiscourseChatIntegration::Provider::SlackProvider
end end
def self.send_via_webhook(message) def self.send_via_webhook(message)
http = Net::HTTP.new("hooks.slack.com", 443) http = FinalDestination::HTTP.new("hooks.slack.com", 443)
http.use_ssl = true http.use_ssl = true
req = Net::HTTP::Post.new(URI(SiteSetting.chat_integration_slack_outbound_webhook_url), 'Content-Type' => 'application/json') req = Net::HTTP::Post.new(URI(SiteSetting.chat_integration_slack_outbound_webhook_url), 'Content-Type' => 'application/json')
req.body = message.to_json req.body = message.to_json
@ -170,7 +170,7 @@ module DiscourseChatIntegration::Provider::SlackProvider
end end
def self.slack_api_http def self.slack_api_http
http = Net::HTTP.new("slack.com", 443) http = FinalDestination::HTTP.new("slack.com", 443)
http.use_ssl = true http.use_ssl = true
http.read_timeout = 5 # seconds http.read_timeout = 5 # seconds
http http

2
lib/discourse_chat_integration/provider/teams/teams_provider.rb
View File

@ -12,7 +12,7 @@ module DiscourseChatIntegration::Provider::TeamsProvider
message = get_message(post) message = get_message(post)
uri = URI(channel.data['webhook_url']) uri = URI(channel.data['webhook_url'])
http = Net::HTTP.new(uri.host, uri.port) http = FinalDestination::HTTP.new(uri.host, uri.port)
http.use_ssl = (uri.scheme == 'https') http.use_ssl = (uri.scheme == 'https')
req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json') req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')

2
lib/discourse_chat_integration/provider/telegram/telegram_provider.rb
View File

@ -33,7 +33,7 @@ module DiscourseChatIntegration
end end
def self.do_api_request(methodName, message) def self.do_api_request(methodName, message)
http = Net::HTTP.new("api.telegram.org", 443) http = FinalDestination::HTTP.new("api.telegram.org", 443)
http.use_ssl = true http.use_ssl = true
access_token = SiteSetting.chat_integration_telegram_access_token access_token = SiteSetting.chat_integration_telegram_access_token

2
lib/discourse_chat_integration/provider/webex/webex_provider.rb
View File

@ -15,7 +15,7 @@ module DiscourseChatIntegration::Provider::WebexProvider
message = get_message(post) message = get_message(post)
uri = URI(channel.data['webhook_url']) uri = URI(channel.data['webhook_url'])
http = Net::HTTP.new(uri.host, uri.port) http = FinalDestination::HTTP.new(uri.host, uri.port)
http.use_ssl = (uri.scheme == 'https') http.use_ssl = (uri.scheme == 'https')
req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json') req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')

2
lib/discourse_chat_integration/provider/zulip/zulip_provider.rb
View File

@ -13,7 +13,7 @@ module DiscourseChatIntegration
def self.send_message(message) def self.send_message(message)
uri = URI("#{SiteSetting.chat_integration_zulip_server}/api/v1/messages") uri = URI("#{SiteSetting.chat_integration_zulip_server}/api/v1/messages")
http = Net::HTTP.new(uri.host, uri.port) http = FinalDestination::HTTP.new(uri.host, uri.port)
http.use_ssl = (uri.scheme == 'https') http.use_ssl = (uri.scheme == 'https')
req = Net::HTTP::Post.new(uri) req = Net::HTTP::Post.new(uri)