mirror of
https://github.com/Mintplex-Labs/anything-llm.git
synced 2024-10-04 01:40:12 +02:00
Prevent private octets from link collection for self-hosted (#626)
This commit is contained in:
parent
0efb3ab54c
commit
0db6c3b2aa
@ -1,9 +1,23 @@
|
|||||||
const VALID_PROTOCOLS = ["https:", "http:"];
|
const VALID_PROTOCOLS = ["https:", "http:"];
|
||||||
|
const INVALID_OCTETS = [192, 172, 10, 127];
|
||||||
|
|
||||||
|
function isInvalidIp({ hostname }) {
|
||||||
|
const IPRegex = new RegExp(
|
||||||
|
/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/gi
|
||||||
|
);
|
||||||
|
if (!IPRegex.test(hostname)) return false;
|
||||||
|
const [octetOne, ..._rest] = hostname.split(".");
|
||||||
|
|
||||||
|
// If fails to validate to number - abort and return as invalid.
|
||||||
|
if (isNaN(Number(octetOne))) return true;
|
||||||
|
return INVALID_OCTETS.includes(Number(octetOne));
|
||||||
|
}
|
||||||
|
|
||||||
function validURL(url) {
|
function validURL(url) {
|
||||||
try {
|
try {
|
||||||
const destination = new URL(url);
|
const destination = new URL(url);
|
||||||
if (!VALID_PROTOCOLS.includes(destination.protocol)) return false;
|
if (!VALID_PROTOCOLS.includes(destination.protocol)) return false;
|
||||||
|
if (isInvalidIp(destination)) return false;
|
||||||
return true;
|
return true;
|
||||||
} catch {}
|
} catch {}
|
||||||
return false;
|
return false;
|
||||||
|
@ -16,10 +16,7 @@ const {
|
|||||||
multiUserMode,
|
multiUserMode,
|
||||||
queryParams,
|
queryParams,
|
||||||
} = require("../utils/http");
|
} = require("../utils/http");
|
||||||
const {
|
const { setupLogoUploads, setupPfpUploads } = require("../utils/files/multer");
|
||||||
setupLogoUploads,
|
|
||||||
setupPfpUploads,
|
|
||||||
} = require("../utils/files/multer");
|
|
||||||
const { v4 } = require("uuid");
|
const { v4 } = require("uuid");
|
||||||
const { SystemSettings } = require("../models/systemSettings");
|
const { SystemSettings } = require("../models/systemSettings");
|
||||||
const { User } = require("../models/user");
|
const { User } = require("../models/user");
|
||||||
|
Loading…
Reference in New Issue
Block a user