@abtnode/util 1.17.3-beta-20251127-063055-94957209 → 1.17.3
- package/lib/ssrf-protector.js +6 -0
- package/lib/url-evaluation/index.js +15 -0
- package/package.json +6 -6
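--- a/package/lib/ssrf-protector.js
+++ b/package/lib/ssrf-protector.js
@@ -4,6 +4,7 @@
 const isPrivateIP = require('private-ip');
 const isIP = require('is-ip');
 const dns = require('dns');
+const { isDidDomainUrl } = require('./url-evaluation');
 
 // 允许的协议, 只允许 https
 function isAllowedProtocol(protocol) {
@@ -88,6 +89,11 @@ async function isAllowedURL(url) {
 return !isPrivateIP(hostname);
 }
 
+// 如果域名在跳过列表中,则直接返回true
+if (isDidDomainUrl(hostname)) {
+return true;
+}
+
 // 测试和开发环境不进行 DNS 解析验证
 if (process.env.NODE_ENV === 'test' || process.env.NODE_ENV === 'development') {
 return true;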
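Review bot: The new early return in isAllowedURL (`if (isDidDomainUrl(hostname)) { return true; }`) accepts the URL before the DNS-resolution check that follows, so for these hostnames the private-address test is never applied to the address they actually resolve to. isDidDomainUrl also covers isIpEcho; if that predicate matches names whose DNS answer is derived from the hostname itself (its implementation is not visible here), the skip hands the choice of destination address back to whoever supplies the URL. Consider limiting the skip to `isDidDomain(hostname) || isSlpDomain(hostname)`, or keeping the resolve-and-`isPrivateIP` step for IP-echo names, and state the trust assumption in the comment above the branch. The body of isAllowedURL starts and ends outside the hunk, so whether the protocol check runs before this branch cannot be confirmed from here.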
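--- a/package/lib/url-evaluation/index.js
+++ b/package/lib/url-evaluation/index.js
@@ -112,6 +112,19 @@ const getOriginUrl = (url) => {
 }
 };
 
+const isSlackWebhookUrl = (url) => {
+try {
+const parsed = new URL(url);
+return parsed.protocol === 'https:' && parsed.hostname === 'hooks.slack.com';
+} catch (e) {
+return false;
+}
+};
+
+const isDidDomainUrl = (hostname) => {
+return isIpEcho(hostname) || isDidDomain(hostname) || isSlpDomain(hostname);
+};
+
 module.exports = {
 isIpEcho,
 isDidDomain,
@@ -120,4 +133,6 @@ module.exports = {
 evaluateURLs,
 isCustomDomain,
 getOriginUrl,
+isSlackWebhookUrl,
+isDidDomainUrl,
 };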
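Review bot: `isDidDomainUrl` takes a bare hostname, not a URL, while `isSlackWebhookUrl` directly above it takes a full URL and parses it; the name invites callers to pass the wrong thing. Since ssrf-protector.js now uses this helper to skip DNS validation, a rename to something like `isDidDomainHostname`, or at least a JSDoc such as `/** @param {string} hostname - bare hostname (no scheme, port or path); true means ssrf-protector skips DNS validation */`, would make the contract explicit. It would also help to note there that isIpEcho, isDidDomain and isSlpDomain, defined outside this hunk, must match on a full label boundary rather than a substring, since the result is now a security decision.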
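--- a/package/package.json
+++ b/package/package.json
@@ -3,7 +3,7 @@
 "publishConfig": {
 "access": "public"
 },
-"version": "1.17.3
+"version": "1.17.3",
 "description": "ArcBlock's JavaScript utility",
 "main": "lib/index.js",
 "files": [
@@ -18,14 +18,14 @@
 "author": "polunzh <polunzh@gmail.com> (http://github.com/polunzh)",
 "license": "Apache-2.0",
 "dependencies": {
-"@abtnode/constant": "1.17.3
-"@abtnode/db-cache": "1.17.3
+"@abtnode/constant": "1.17.3",
+"@abtnode/db-cache": "1.17.3",
 "@arcblock/did": "^1.27.12",
 "@arcblock/event-hub": "^1.27.12",
 "@arcblock/pm2": "^6.0.12",
-"@blocklet/constant": "1.17.3
+"@blocklet/constant": "1.17.3",
 "@blocklet/error": "^0.3.3",
-"@blocklet/meta": "1.17.3
+"@blocklet/meta": "1.17.3",
 "@blocklet/xss": "^0.3.10",
 "@ocap/client": "^1.27.12",
 "@ocap/mcrypto": "^1.27.12",
@@ -90,5 +90,5 @@
 "express": "^4.18.2",
 "fs-extra": "^11.2.0"
 },
-"gitHead": "
+"gitHead": "20fc4c3b0c0fdf05a91d995e3f6fda0f38fa1133"
 }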