Sha256: 7802a7cf3006bc86ab470f3e2563cd1afd8495e81bcd067c5329e638dd7bc764
Contents?: true
Size: 1.2 KB
Versions: 15
Compression:
Stored size: 1.2 KB
Contents
require "ipaddr"
require "uri"
module CC
class Service
class SafeWebhook
InternalWebhookError = Class.new(StandardError)
PRIVATE_ADDRESS_SUBNETS = [
IPAddr.new("10.0.0.0/8"),
IPAddr.new("172.16.0.0/12"),
IPAddr.new("192.168.0.0/16"),
IPAddr.new("fd00::/8"),
IPAddr.new("127.0.0.1"),
IPAddr.new("0:0:0:0:0:0:0:1"),
].freeze
def self.ensure_safe!(url)
instance = new(url)
instance.ensure_safe!
end
def initialize(url)
@url = url
end
def ensure_safe!
uri = URI.parse(url)
if !allow_internal_webhooks? && internal?(uri.host)
raise InternalWebhookError, "#{url.inspect} maps to an internal address"
end
end
private
attr_reader :url
def internal?(host)
address = ::Resolv.getaddress(host)
PRIVATE_ADDRESS_SUBNETS.any? do |subnet|
subnet === IPAddr.new(address.to_s)
end
rescue ::Resolv::ResolvError
true # localhost
end
def allow_internal_webhooks?
var = ENV["CODECLIMATE_ALLOW_INTERNAL_WEBHOOKS"] || ""
var == "1" || var == "true"
end
end
end
end
Version data entries
15 entries across 15 versions & 1 rubygems