activitypub 0.5.0 → 0.5.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/activitypub/resolvers.rb +10 -2
  3. data/lib/activitypub/version.rb +1 -1
  4. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3d306bc2763af88f633f0645a032d1e0ed47e5a790b140ad566e6a53fdf9aeea
4
- data.tar.gz: 2f12fc9aa91aa64fedd909b68b6182ae2ed352e2bb06e80e60a65ee0f6ad4e6e
3
+ metadata.gz: e338ac7d0c5af88a4737eb2b6eaecbd528769917a08676d734f0878b5ed6b1ef
4
+ data.tar.gz: 691352bc4144612c077ad07cc846ab4914c93405588c615542d18ccf4acd9c02
5
5
  SHA512:
6
- metadata.gz: b154f2bcf3cb03386947ea1f137f55b53461c0dcaa0a6fde15c5098b276c809620fe3f94f90d110b416dd29b31a9ff75a5f5376d1cdaefaa98e5e9f713fd4c4c
7
- data.tar.gz: 44ca4b68aa880bed6a62a92e757c4e48ead8afb5f4b71fb300c8156729062d79f9ac15333ba38e2e776c52c89dc03701070ef84040e8b5033ead9d7cac03eb25
6
+ metadata.gz: 1e0b8f96fda04e91edbd1b3c16a5510547b57f1790072fe97d1aae88a03cbc66061196f64b3c16927e969e07d00e001a4a76d5f39be81b57ae09ed5053a34c3b
7
+ data.tar.gz: bceecaf4662e651e702c027b369b28de0178da5ee07a899c2fd746a940b69b8986a37b6dea8c70b5428c5038f98916336a9b2a11f0b58426db4c3e3210113fae
data/lib/activitypub/resolvers.rb CHANGED
@@ -1,6 +1,7 @@
1
1
 
2
2
  require 'uri'
3
3
  require 'faraday'
4
+ require 'socket'
4
5
 
5
6
  # Classes to resolve URI's into objects.
6
7
 
@@ -9,6 +10,12 @@ module ActivityPub
9
10
 
10
11
  class WebResolver
11
12
  def self.call(path)
13
+
14
+ uri = URI(path)
15
+ if uri.host == "localhost" || ((IPSocket.getaddress(uri.host) =~ /127.*/) == 0)
16
+ raise "Local access denied"
17
+ end
18
+
12
19
  response = Faraday.get(path, {}, {"Accept": "application/activity+json"})
13
20
  if response.status == 200
14
21
  ActivityPub.from_json(response.body)
@@ -31,11 +38,12 @@ module ActivityPub
31
38
  #
32
39
  class UnsafeResolver
33
40
  def initialize(base)
34
- @base = base
41
+ @base = File.expand_path(base)
35
42
  end
36
43
 
37
44
  def call(path)
38
- path = File.expand_path(File.join(@base, path))
45
+ path = File.expand_path(path,@base)
46
+ raise "Illegal path" if path[0...@base.length] != @base
39
47
  if File.exist?(path)
40
48
  data = File.read(path)
41
49
  return ActivityPub.from_json(data)
data/lib/activitypub/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ActivityPub
4
- VERSION = "0.5.0"
4
+ VERSION = "0.5.2"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activitypub
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.0
4
+ version: 0.5.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Vidar Hokstad
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-07-19 00:00:00.000000000 Z
11
+ date: 2024-07-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: webfinger