enhance(backend): プロフィールのリンク検証にtry-catchを追加 (#13882)

* enhance(backend): プロフィールのリンク検証にtry-catchを追加

* ✌️
This commit is contained in:
かっこかり 2024-05-27 17:18:12 +09:00 committed by GitHub
parent 1b81ca4563
commit 805a11aadb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -498,26 +498,32 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private async verifyLink(url: string, user: MiLocalUser) { private async verifyLink(url: string, user: MiLocalUser) {
if (!safeForSql(url)) return; if (!safeForSql(url)) return;
const html = await this.httpRequestService.getHtml(url); try {
const html = await this.httpRequestService.getHtml(url);
const { window } = new JSDOM(html); const { window } = new JSDOM(html);
const doc = window.document; const doc = window.document;
const myLink = `${this.config.url}/@${user.username}`; const myLink = `${this.config.url}/@${user.username}`;
const aEls = Array.from(doc.getElementsByTagName('a')); const aEls = Array.from(doc.getElementsByTagName('a'));
const linkEls = Array.from(doc.getElementsByTagName('link')); const linkEls = Array.from(doc.getElementsByTagName('link'));
const includesMyLink = aEls.some(a => a.href === myLink); const includesMyLink = aEls.some(a => a.href === myLink);
const includesRelMeLinks = [...aEls, ...linkEls].some(link => link.rel === 'me' && link.href === myLink); const includesRelMeLinks = [...aEls, ...linkEls].some(link => link.rel === 'me' && link.href === myLink);
if (includesMyLink || includesRelMeLinks) { if (includesMyLink || includesRelMeLinks) {
await this.userProfilesRepository.createQueryBuilder('profile').update() await this.userProfilesRepository.createQueryBuilder('profile').update()
.where('userId = :userId', { userId: user.id }) .where('userId = :userId', { userId: user.id })
.set({ .set({
verifiedLinks: () => `array_append("verifiedLinks", '${url}')`, // ここでSQLインジェクションされそうなのでとりあえず safeForSql で弾いている verifiedLinks: () => `array_append("verifiedLinks", '${url}')`, // ここでSQLインジェクションされそうなのでとりあえず safeForSql で弾いている
}) })
.execute(); .execute();
}
window.close();
} catch (err) {
// なにもしない
} }
} }
} }