discourse/app/jobs/regular/confirm_sns_subscription.rb
David Taylor 010309d108
SECURITY: Improve validation of SNS subscription confirm (#14671)
An upstream validation bug in the aws-sdk-sns library could enable RCE under certain circumstances. This commit updates the upstream gem, and adds additional validation to provide defense-in-depth.
2021-10-20 22:20:52 +01:00


# frozen_string_literal: true
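module Jobs
  # Completes an SNS subscription handshake by fetching the SubscribeURL of a
  # SubscriptionConfirmation message — but only after the message signature
  # has been verified and the URL has been checked to point at an SNS endpoint.
  class ConfirmSnsSubscription < ::Jobs::Base
    # A confirmation that fails validation is dropped rather than retried;
    # retrying would just re-run the same checks on the same payload.
    sidekiq_options retry: false

    # Hosts we are willing to fetch a SubscribeURL from. SNS issues these under
    # sns.<region>.amazonaws.com (sns.<region>.amazonaws.com.cn in the China
    # partition). This is defense-in-depth behind the signature check: it keeps
    # a forged or mis-verified message from turning this job into an outbound
    # request to an arbitrary (possibly internal) host.
    SNS_HOST_PATTERN = /\Asns\.[a-z0-9-]+\.amazonaws\.com(\.cn)?\z/i.freeze

    # @param args [Hash] job arguments:
    #   - :raw  [String] the SNS message body exactly as received (the signed form)
    #   - :json [Hash]   the parsed message; only "SubscribeURL" is read here
    # @return [nil] on any validation failure; otherwise the body returned by
    #   the confirmation GET (not used by callers)
    def execute(args)
      return unless raw = args[:raw].presence
      return unless json = args[:json].presence
      return unless subscribe_url = json["SubscribeURL"].presence

      # Loaded lazily: the gem is only needed by this job.
      require "aws-sdk-sns"
      # Verifies the message signature against the SNS signing certificate.
      # For SubscriptionConfirmation messages the signed fields include
      # SubscribeURL, so a valid signature also binds the URL fetched below.
      # NOTE(review): `json` is assumed to be the parsed form of `raw` — the
      # signature check covers `raw` only; confirm the enqueuing side derives
      # one from the other.
      return unless Aws::SNS::MessageVerifier.new.authentic?(raw)

      uri = begin
        URI.parse(subscribe_url)
      rescue URI::Error
        return
      end

      # URI.parse accepts any scheme (or none, yielding a host-less URI), and
      # Net::HTTP.get would otherwise contact whatever host the message named.
      # Require https and an SNS service host before making the request.
      return unless uri.is_a?(URI::HTTPS) && uri.host && SNS_HOST_PATTERN.match?(uri.host)

      Net::HTTP.get(uri)
    end
  end
end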