From 499a83270a834234117890cb5bb8728281148a91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9gis=20Hanol?=
Date: Thu, 12 Jan 2017 22:35:33 +0100
Subject: [PATCH] FIX: don't onebox to IP addresses
---
 .../engine/whitelisted_generic_onebox.rb | 4 +++-
 .../engine/whitelisted_generic_onebox_spec.rb | 18 ++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 spec/components/onebox/engine/whitelisted_generic_onebox_spec.rb
diff --git a/lib/onebox/engine/whitelisted_generic_onebox.rb b/lib/onebox/engine/whitelisted_generic_onebox.rb
index 1ea9a90892f..e711b960c9b 100644
--- a/lib/onebox/engine/whitelisted_generic_onebox.rb
+++ b/lib/onebox/engine/whitelisted_generic_onebox.rb
@@ -1,10 +1,12 @@
+require "ipaddr"
+
 module Onebox
 module Engine
 class WhitelistedGenericOnebox
 # overwrite the whitelist
 def self.===(other)
- true
+ other.is_a?(URI) ? (IPAddr.new(other.hostname) rescue nil).nil? : true
 end
 # ensure we're the last engine to be used
diff --git a/spec/components/onebox/engine/whitelisted_generic_onebox_spec.rb b/spec/components/onebox/engine/whitelisted_generic_onebox_spec.rb
new file mode 100644
index 00000000000..f6d8c38840b
--- /dev/null
+++ b/spec/components/onebox/engine/whitelisted_generic_onebox_spec.rb
@@ -0,0 +1,18 @@
+require 'rails_helper'
+
+describe Onebox::Engine::WhitelistedGenericOnebox do
+
+ describe ".===" do
+
+ it "matches any domain" do
+ expect(described_class === URI('http://foo.bar/resource')).to be(true)
+ end
+
+ it "doesn't match an IP address" do
+ expect(described_class === URI('http://1.2.3.4/resource')).to be(false)
+ expect(described_class === URI('http://1.2.3.4:1234/resource')).to be(false)
+ end
+
+ end
+
+end
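Review bot: The new `self.===` in `whitelisted_generic_onebox.rb` only looks at how the host is written, so it rejects IP literals but still matches a hostname that resolves to a loopback or private address, or a URL that redirects to one. If the goal is to keep onebox requests away from internal hosts, the resolved address has to be checked where the request is actually made; that code is outside this hunk, so this may already be handled elsewhere. On the same line, any argument that is not a `URI` (a String URL, for instance) still returns `true` without the check, which is worth a comment such as `# non-URI arguments are not IP-checked; callers must pass a URI`. The `rescue nil` modifier also swallows every StandardError, so an unexpected failure silently counts as "not an IP"; a `begin`/`rescue IPAddr::Error` block would fail closed on anything else.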
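Review bot: The new spec exercises only dotted IPv4 hosts, so the IPv6 path that `other.hostname` (rather than `host`) is presumably there to handle has no coverage. A bracketed literal should be pinned too, for example `expect(described_class === URI('http://[2001:db8::1]/resource')).to be(false)` (constructed documentation address). It would also help to add one example that states what a non-URI argument is expected to return, since the implementation short-circuits to `true` for it.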