Catch encoding errors when creating link previews. (#30853)

main-rebase-security-fix
David Roetzel 2024-06-27 16:41:03 +02:00 committed by GitHub
parent 42adb6eaee
commit ff08d99d4d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 15 additions and 1 deletions


@ -32,7 +32,7 @@ class FetchLinkCardService < BaseService
end
attach_card if @card&.persisted?
rescue HTTP::Error, OpenSSL::SSL::SSLError, Addressable::URI::InvalidURIError, Mastodon::HostValidationError, Mastodon::LengthValidationError => e
rescue HTTP::Error, OpenSSL::SSL::SSLError, Addressable::URI::InvalidURIError, Mastodon::HostValidationError, Mastodon::LengthValidationError, Encoding::UndefinedConversionError => e
Rails.logger.debug { "Error fetching link #{@original_url}: #{e}" }
nil
end
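Review bot: The new `rescue` line names only `Encoding::UndefinedConversionError`, so sibling failures such as `Encoding::InvalidByteSequenceError` or `Encoding::CompatibilityError` would still escape this handler. The redirect target is supplied by the remote server, so its bytes are untrusted; the conversion site is outside the hunk, so whether malformed input can raise those other classes there needs confirming. All three inherit from `EncodingError`, so replacing `Encoding::UndefinedConversionError` with `EncodingError` in the list would cover them with one name and keep the same log-and-return-nil behaviour. The enclosing method begins above the hunk.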


@ -0,0 +1,5 @@
HTTP/1.1 301 Moved Permanently
server: nginx
date: Thu, 27 Jun 2024 11:04:53 GMT
content-type: text/html; charset=UTF-8
location: http://example.com/ärgerliche-umlaute.html


@ -27,6 +27,7 @@ RSpec.describe FetchLinkCardService do
stub_request(:get, 'http://example.com/koi8-r').to_return(request_fixture('koi8-r.txt'))
stub_request(:get, 'http://example.com/windows-1251').to_return(request_fixture('windows-1251.txt'))
stub_request(:get, 'http://example.com/low_confidence_latin1').to_return(request_fixture('low_confidence_latin1.txt'))
stub_request(:get, 'http://example.com/aergerliche-umlaute').to_return(request_fixture('redirect_with_utf8_url.txt'))
Rails.cache.write('oembed_endpoint:example.com', oembed_cache) if oembed_cache
@ -101,6 +102,14 @@ RSpec.describe FetchLinkCardService do
end
end
context 'with a redirect URL with faulty encoding' do
let(:status) { Fabricate(:status, text: 'http://example.com/aergerliche-umlaute') }
it 'does not create a preview card' do
expect(status.preview_card).to be_nil
end
end
context 'with a 404 URL' do
let(:status) { Fabricate(:status, text: 'http://example.com/not-found') }