fix security check

pull/1941/head
dgtlmoon 12 months ago
parent d7bc2bd3f6
commit ebc7a7e568

@ -1,6 +1,7 @@
from abc import abstractmethod from abc import abstractmethod
import os import os
import hashlib import hashlib
import re
from copy import deepcopy from copy import deepcopy
from changedetectionio import content_fetcher from changedetectionio import content_fetcher
@ -18,6 +19,12 @@ class difference_detection_processor():
self.datastore = datastore self.datastore = datastore
self.watch = deepcopy(self.datastore.data['watching'].get(watch_uuid)) self.watch = deepcopy(self.datastore.data['watching'].get(watch_uuid))
# Protect against file:// access
if re.search(r'^file', self.watch.get('url', ''), re.IGNORECASE) and not os.getenv('ALLOW_FILE_URI', False):
raise Exception(
"file:// type access is denied for security reasons."
)
def call_browser(self): def call_browser(self):
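Review bot: The opt-out test in the added guard, `not os.getenv('ALLOW_FILE_URI', False)`, treats any non-empty value as enabling, so `ALLOW_FILE_URI=false` or `=0` would still switch the protection off; comparing against explicit values, e.g. `os.getenv('ALLOW_FILE_URI', '').strip().lower() in ('1', 'true', 'yes')`, makes the setting fail closed. The guard also calls `self.watch.get(...)` directly after `deepcopy(...get(watch_uuid))`, which looks like it yields None for an unknown uuid, so a missing watch would surface here as an AttributeError instead of the "Watch no longer exists." exception raised in `perform_site_check`; an `if self.watch is None` check ahead of it would keep that message. The `^file` pattern is applied to the raw stored string, so it is safer to test the normalized scheme, `urllib.parse.urlsplit(url.strip()).scheme.lower() == 'file'`, so that the check sees the same value the fetcher will act on. The rest of `__init__` lies outside the hunk, so confirm none of this is already handled earlier in the method.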

@ -44,12 +44,6 @@ class perform_site_check(difference_detection_processor):
if not watch: if not watch:
raise Exception("Watch no longer exists.") raise Exception("Watch no longer exists.")
# Protect against file:// access
if re.search(r'^file', watch.get('url', ''), re.IGNORECASE) and not os.getenv('ALLOW_FILE_URI', False):
raise Exception(
"file:// type access is denied for security reasons."
)
# Unset any existing notification error # Unset any existing notification error
update_obj = {'last_notification_error': False, 'last_error': False} update_obj = {'last_notification_error': False, 'last_error': False}
