From eea3e8b5cf1bd6c16dbae2bfa62e271bca4ac9a6 Mon Sep 17 00:00:00 2001
From: Giuseppe Bilotta <giuseppe.bilotta@gmail.com>
Date: Mon, 10 Sep 2007 09:36:29 +0000
Subject: url plugin: add list of hosts for which no link info should be
 retrieved

The url plugin would display link info for urls such as http://127.0.0.1:631/printers and other private addresses, thus being a potential security threat. Disable info retrieval for these hosts, and make the host list configurable.
---
 data/rbot/plugins/url.rb | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/data/rbot/plugins/url.rb b/data/rbot/plugins/url.rb
index 1e111fec..0160f903 100644
--- a/data/rbot/plugins/url.rb
+++ b/data/rbot/plugins/url.rb
@@ -1,3 +1,8 @@
+#-- vim:sw=2:et
+#++
+#
+# :title: Url plugin
+
 define_structure :Url, :channel, :nick, :time, :url, :info
 
 class ::UrlLinkError < RuntimeError
@@ -23,6 +28,10 @@ class UrlPlugin < Plugin
   BotConfig.register BotConfigBooleanValue.new('url.info_on_list',
     :default => false,
     :desc => "Show link info when listing/searching for urls")
+  BotConfig.register BotConfigArrayValue.new('url.no_info_hosts',
+    :default => ['localhost', '^192\.168\.', '^10\.', '^127\.0\.0\.1', '^172\.(1[6-9]|2\d|31)\.'],
+    :on_change => Proc.new { |bot, v| bot.plugins['url'].reset_no_info_hosts },
+    :desc => "A list of regular expressions matching hosts for which no info should be provided")
 
 
   def initialize
@@ -31,6 +40,12 @@ class UrlPlugin < Plugin
     unless @bot.config['url.display_link_info'].kind_of?(Integer)
       @bot.config.items[:'url.display_link_info'].set_string(@bot.config['url.display_link_info'].to_s)
     end
+    reset_no_info_hosts
+  end
+
+  def reset_no_info_hosts
+    @no_info_hosts = Regexp.new(@bot.config['url.no_info_hosts'].join('|'), true)
+    debug "no info hosts regexp set to #{@no_info_hosts}"
   end
 
   def help(plugin, topic="")
@@ -47,6 +62,10 @@ class UrlPlugin < Plugin
     url = uri_str.kind_of?(URI) ? uri_str : URI.parse(uri_str)
     return if url.scheme !~ /https?/
 
+    if url.host =~ @no_info_hosts
+      return "Sorry, info retrieval for #{url.host} is disabled"
+    end
+
     logopts = Hash.new
     logopts[:nick] = nick if nick
     logopts[:channel] = channel if channel
-- 
cgit v1.2.3