Sha256: 7802a7cf3006bc86ab470f3e2563cd1afd8495e81bcd067c5329e638dd7bc764
Contents?: true
Size: 1.2 KB
Versions: 15
Compression:
Stored size: 1.2 KB
Contents
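require "ipaddr"
require "resolv"
require "uri"

module CC
  class Service
    # Refuses webhook URLs whose host resolves to a loopback, private or
    # link-local address, so that a user-supplied webhook cannot be pointed
    # at services reachable only from inside the deployment (SSRF).
    #
    # Caveat for callers: this check resolves the host name itself. The HTTP
    # client that later delivers the webhook resolves it again, and may also
    # follow redirects, so a host whose DNS answer changes between the check
    # and the request is not covered here. Connect to the vetted address, or
    # re-validate at connect time and on every redirect hop.
    class SafeWebhook
      InternalWebhookError = Class.new(StandardError)

      # Address ranges treated as internal. IPv4-mapped IPv6 answers are
      # converted to IPv4 before matching, so they need no entries of their own.
      PRIVATE_ADDRESS_SUBNETS = [
        IPAddr.new("0.0.0.0/8"),      # "this network", includes 0.0.0.0
        IPAddr.new("10.0.0.0/8"),     # RFC 1918
        IPAddr.new("100.64.0.0/10"),  # RFC 6598 shared address space
        IPAddr.new("127.0.0.0/8"),    # whole loopback block, not only 127.0.0.1
        IPAddr.new("169.254.0.0/16"), # link-local, includes cloud metadata endpoints
        IPAddr.new("172.16.0.0/12"),  # RFC 1918
        IPAddr.new("192.168.0.0/16"), # RFC 1918
        IPAddr.new("::/128"),         # IPv6 unspecified
        IPAddr.new("::1/128"),        # IPv6 loopback
        IPAddr.new("fc00::/7"),       # IPv6 unique local (covers fd00::/8)
        IPAddr.new("fe80::/10"),      # IPv6 link-local
      ].freeze

      # Convenience entry point: builds an instance for +url+ and checks it.
      #
      # Raises InternalWebhookError when the URL is refused; URI.parse errors
      # for malformed URLs propagate unchanged.
      def self.ensure_safe!(url)
        instance = new(url)
        instance.ensure_safe!
      end

      def initialize(url)
        @url = url
      end

      # Raises InternalWebhookError when the URL's host is internal, unless
      # CODECLIMATE_ALLOW_INTERNAL_WEBHOOKS is set to "1" or "true".
      def ensure_safe!
        uri = URI.parse(url)

        # hostname (not host) strips the brackets from IPv6 literals so they
        # are matched against the subnet list like any other address.
        if !allow_internal_webhooks? && internal?(uri.hostname)
          raise InternalWebhookError, "#{url.inspect} maps to an internal address"
        end
      end

      private

      attr_reader :url

      # True when +host+ must be refused. Fails closed: a missing host, a
      # name that does not resolve, or an answer that cannot be parsed as an
      # address all count as internal.
      def internal?(host)
        return true if host.nil? || host.empty?

        # Check every answer, not just the first: a name can carry several
        # records and the delivering client may pick any of them.
        addresses = ::Resolv.getaddresses(host)
        return true if addresses.empty?

        addresses.any? do |address|
          # native turns ::ffff:a.b.c.d into a.b.c.d so the IPv4 ranges apply.
          candidate = IPAddr.new(address.to_s).native
          PRIVATE_ADDRESS_SUBNETS.any? { |subnet| subnet === candidate }
        end
      rescue ::Resolv::ResolvError, ArgumentError
        # IPAddr's parse errors are ArgumentError subclasses.
        true
      end

      # Operator opt-out, read from the environment on every call.
      def allow_internal_webhooks?
        var = ENV["CODECLIMATE_ALLOW_INTERNAL_WEBHOOKS"] || ""
        var == "1" || var == "true"
      end
    end
  end
end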
Version data entries
15 entries across 15 versions & 1 rubygems