cartodb-4.29/lib/carto/url_validator.rb

require 'uri'
require 'resolv'
require 'ipaddr'

module Carto
  module UrlValidator
    DEFAULT_URL_VALID_PORTS = [21, 80, 443].freeze

    class InvalidUrlError < StandardError
      def initialize(url)
        super "Invalid URL, cannot connect dataset: #{url}"
      end
    end

    def validate_url!(str, valid_ports = DEFAULT_URL_VALID_PORTS)
      raise InvalidUrlError, str unless valid_url?(str, valid_ports)
    end

    private

    def valid_url?(str, valid_ports)
      uri = URI.parse(str)

      (uri.is_a?(URI::HTTP) || uri.is_a?(URI::FTP)) &&
        valid_ports.include?(uri.port) &&
        !blacklisted_ip?(uri)
    rescue URI::InvalidURIError
      return false
    end

    def blacklisted_ip?(uri)
      # The uri includes regularly a hostname and is not directly the IP address
      # so we need to resolve it to compare it with the IP blacklist
      return false if blacklisted_ip_ranges.empty?

      begin
        uri_ip = IPAddr.new(Resolv.getaddress(uri.host))
      rescue Resolv::ResolvError, Resolv::ResolvTimeout
        return false
      rescue IPAddr::AddressFamilyError, IPAddr::InvalidAddressError
        raise InvalidUrlError, str
      end

      blacklisted_ip_ranges.any? { |ip_range| ip_range.include?(uri_ip) }
    end

    def blacklisted_ip_ranges
      @blacklisted_ip_ranges ||= (::Cartodb.get_config(:importer, 'blacklisted_ip_addr') || [])
        .map { |ip| IPAddr.new(ip) }
    end
  end
end
Initial commit 2020-06-15 10:58:47 +08:00			`require 'uri'`
			`require 'resolv'`
			`require 'ipaddr'`

			`module Carto`
			`module UrlValidator`
			`DEFAULT_URL_VALID_PORTS = [21, 80, 443].freeze`

			`class InvalidUrlError < StandardError`
			`def initialize(url)`
			`super "Invalid URL, cannot connect dataset: #{url}"`
			`end`
			`end`

			`def validate_url!(str, valid_ports = DEFAULT_URL_VALID_PORTS)`
			`raise InvalidUrlError, str unless valid_url?(str, valid_ports)`
			`end`

			`private`

			`def valid_url?(str, valid_ports)`
			`uri = URI.parse(str)`

			`(uri.is_a?(URI::HTTP) \|\| uri.is_a?(URI::FTP)) &&`
			`valid_ports.include?(uri.port) &&`
			`!blacklisted_ip?(uri)`
			`rescue URI::InvalidURIError`
			`return false`
			`end`

			`def blacklisted_ip?(uri)`
			`# The uri includes regularly a hostname and is not directly the IP address`
			`# so we need to resolve it to compare it with the IP blacklist`
			`return false if blacklisted_ip_ranges.empty?`

			`begin`
			`uri_ip = IPAddr.new(Resolv.getaddress(uri.host))`
			`rescue Resolv::ResolvError, Resolv::ResolvTimeout`
			`return false`
			`rescue IPAddr::AddressFamilyError, IPAddr::InvalidAddressError`
			`raise InvalidUrlError, str`
			`end`

			`blacklisted_ip_ranges.any? { \|ip_range\| ip_range.include?(uri_ip) }`
			`end`

			`def blacklisted_ip_ranges`
			`@blacklisted_ip_ranges \|\|= (::Cartodb.get_config(:importer, 'blacklisted_ip_addr') \|\| [])`
			`.map { \|ip\| IPAddr.new(ip) }`
			`end`
			`end`
			`end`