yetangitu/Peertube
1
0
Fork 0
mirror of https://github.com/Chocobozzz/PeerTube.git synced 2025-10-05 19:42:24 +02:00
Code Issues Releases Wiki Activity

Add SSRF protection

Browse source
This commit is contained in:
Chocobozzz 2024-08-14 15:32:25 +02:00
parent af9f20d60c
commit d24d221550
No known key found for this signature in database
GPG key ID: 583A612D890159BE
21 changed files with 160 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

4
server/core/helpers/geo-ip.ts
View file

@ -6,7 +6,7 @@ import maxmind, { CityResponse, CountryResponse, Reader } from 'maxmind'
import { join } from 'path'
import { isArray } from './custom-validators/misc.js'
import { logger, loggerTagsFactory } from './logger.js'
import { isBinaryResponse, peertubeGot } from './requests.js'
import { isBinaryResponse, unsafeSSRFGot } from './requests.js'
const lTags = loggerTagsFactory('geo-ip')
@ -95,7 +95,7 @@ export class GeoIP {
const gotOptions = { context: { bodyKBLimit: 800_000 }, responseType: 'buffer' as 'buffer' }
try {
const gotResult = await peertubeGot(url, gotOptions)
const gotResult = await unsafeSSRFGot(url, gotOptions)
if (!isBinaryResponse(gotResult)) {
throw new Error('Not a binary response')