diff options
-rw-r--r-- | app/services/verify_link_service.rb | 2 | ||||
-rw-r--r-- | spec/services/verify_link_service_spec.rb | 22 |
2 files changed, 23 insertions, 1 deletions
diff --git a/app/services/verify_link_service.rb b/app/services/verify_link_service.rb index d049b52d1..9708cdd73 100644 --- a/app/services/verify_link_service.rb +++ b/app/services/verify_link_service.rb @@ -10,7 +10,7 @@ class VerifyLinkService < BaseService return unless link_back_present? field.mark_verified! - rescue OpenSSL::SSL::SSLError, HTTP::Error, Addressable::URI::InvalidURIError, Mastodon::HostValidationError, Mastodon::LengthValidationError => e + rescue OpenSSL::SSL::SSLError, HTTP::Error, Addressable::URI::InvalidURIError, Mastodon::HostValidationError, Mastodon::LengthValidationError, IPAddr::AddressFamilyError => e Rails.logger.debug "Error fetching link #{@url}: #{e}" nil end diff --git a/spec/services/verify_link_service_spec.rb b/spec/services/verify_link_service_spec.rb index 391560f1c..8f65f3a84 100644 --- a/spec/services/verify_link_service_spec.rb +++ b/spec/services/verify_link_service_spec.rb @@ -150,5 +150,27 @@ RSpec.describe VerifyLinkService, type: :service do expect(field.verified?).to be true end end + + context 'when the link contains a link with a missing protocol slash' do + # This was seen in the wild where a user had three pages: + # 1. their mastodon profile, which linked to github and the personal website + # 2. their personal website correctly linking back to mastodon + # 3. a github profile that was linking to the personal website, but with + # a malformed protocol of http:/ + # + # This caused link verification between the mastodon profile and the + # website to fail. + # + # apparently github allows the user to enter website URLs with a single + # slash and makes no attempts to correct that. + let(:html) { '<a href="http:/unrelated.example">Hello</a>' } + + it 'does not crash' do + # We could probably put more effort into perhaps auto-correcting the + # link and following it anyway, but at the very least we shouldn't let + # exceptions bubble up + expect(field.verified?).to be false + end + end end end |