SECURITY: Never crawl by IP

2025-02-25 18:55:32 -06:00 · 2017-05-23 13:07:18 -04:00
parent 93a5fc62bf
commit e5e7a15a85
2 changed files with 9 additions and 7 deletions
--- a/lib/final_destination.rb
+++ b/lib/final_destination.rb
@@ -68,14 +68,11 @@ class FinalDestination
  def validate_uri_format
    return false unless @uri
    return false unless ['https', 'http'].include?(@uri.scheme)
+    return false if @uri.scheme == 'http' && @uri.port != 80
+    return false if @uri.scheme == 'https' && @uri.port != 443

-    if @uri.scheme == 'http'
-      return @uri.port == 80
-    elsif @uri.scheme == 'https'
-      return @uri.port == 443
-    end
-
-    false
+    # Disallow IP based crawling
+    (IPAddr.new(@uri.hostname) rescue nil).nil?
  end

  def is_public?