010309d108
An upstream validation bug in the aws-sdk-sns library could enable RCE under certain circumstances. This commit updates the upstream gem, and adds additional validation to provide defense-in-depth.
# frozen_string_literal: true
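module Jobs
  # Completes an Amazon SNS subscription handshake: given the raw body of a
  # SubscriptionConfirmation message (and its parsed JSON form), verify that
  # the message really came from SNS and then GET its SubscribeURL.
  #
  # The job runs once (no Sidekiq retries); any input that fails a check is
  # silently dropped rather than retried.
  class ConfirmSnsSubscription < ::Jobs::Base
    sidekiq_options retry: false

    # Hosts a SubscribeURL is allowed to point at. SNS confirmation endpoints
    # live under sns.<region>.amazonaws.com (plus .amazonaws.com.cn for the
    # China partition); this mirrors the SigningCertURL host check that
    # aws-sdk-sns itself performs. Anything else is rejected before any
    # request is made.
    SUBSCRIBE_HOST = /\Asns\.[a-z0-9\-]+\.amazonaws\.com(\.cn)?\z/i

    # @param args [Hash] :raw — the message body exactly as received (needed
    #   for signature verification); :json — the same body parsed, from which
    #   "SubscribeURL" is read.
    # @return [nil] on any rejected input; otherwise the Net::HTTP response
    #   body of the confirmation GET (callers do not use it).
    def execute(args)
      raw = args[:raw].presence
      json = args[:json].presence
      return unless raw && json

      subscribe_url = json["SubscribeURL"].presence
      return unless subscribe_url

      # Loaded here rather than at boot, presumably because only this job
      # needs the gem. authentic? validates the SNS signature over the raw
      # message, which is what makes SubscribeURL trustworthy at all.
      require "aws-sdk-sns"
      return unless Aws::SNS::MessageVerifier.new.authentic?(raw)

      uri = begin
        URI.parse(subscribe_url)
      rescue URI::Error
        return
      end

      # Defense in depth: the signature check above is the primary control,
      # but the upstream aws-sdk-sns validation bug showed it can be
      # bypassed. Pinning the destination to an https SNS endpoint keeps a
      # forged message from turning this GET into an SSRF primitive.
      return unless uri.is_a?(URI::HTTPS) && SUBSCRIBE_HOST.match?(uri.host.to_s)

      Net::HTTP.get(uri)
    end
  end
end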