about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--app/services/verify_link_service.rb2
-rw-r--r--spec/services/verify_link_service_spec.rb22
2 files changed, 23 insertions, 1 deletions
diff --git a/app/services/verify_link_service.rb b/app/services/verify_link_service.rb
index d049b52d1..9708cdd73 100644
--- a/app/services/verify_link_service.rb
+++ b/app/services/verify_link_service.rb
@@ -10,7 +10,7 @@ class VerifyLinkService < BaseService
     return unless link_back_present?
 
     field.mark_verified!
-  rescue OpenSSL::SSL::SSLError, HTTP::Error, Addressable::URI::InvalidURIError, Mastodon::HostValidationError, Mastodon::LengthValidationError => e
+  rescue OpenSSL::SSL::SSLError, HTTP::Error, Addressable::URI::InvalidURIError, Mastodon::HostValidationError, Mastodon::LengthValidationError, IPAddr::AddressFamilyError => e
     Rails.logger.debug "Error fetching link #{@url}: #{e}"
     nil
   end
diff --git a/spec/services/verify_link_service_spec.rb b/spec/services/verify_link_service_spec.rb
index 391560f1c..8f65f3a84 100644
--- a/spec/services/verify_link_service_spec.rb
+++ b/spec/services/verify_link_service_spec.rb
@@ -150,5 +150,27 @@ RSpec.describe VerifyLinkService, type: :service do
         expect(field.verified?).to be true
       end
     end
+
+    context 'when the link contains a link with a missing protocol slash' do
+      # This was seen in the wild where a user had three pages:
+      # 1. their mastodon profile, which linked to github and the personal website
+      # 2. their personal website correctly linking back to mastodon
+      # 3. a github profile that was linking to the personal website, but with
+      #    a malformed protocol of http:/
+      #
+      # This caused link verification between the mastodon profile and the
+      # website to fail.
+      #
+      # apparently github allows the user to enter website URLs with a single
+      # slash and makes no attempts to correct that.
+      let(:html) { '<a href="http:/unrelated.example">Hello</a>' }
+
+      it 'does not crash' do
+        # We could probably put more effort into perhaps auto-correcting the
+        # link and following it anyway, but at the very least we shouldn't let
+        # exceptions bubble up
+        expect(field.verified?).to be false
+      end
+    end
   end
 end