diff options
| author | Matthew Hodgson <matthew@matrix.org> | 2016-05-01 12:44:24 +0100 |
|---|---|---|
| committer | Matthew Hodgson <matthew@matrix.org> | 2016-05-01 12:44:24 +0100 |
| commit | 792def49288432852fef5059f13184af67843818 (patch) | |
| tree | ee56557c6afd45e41e3eb8ab9770279e6a42aff1 /synapse/http | |
| parent | Merge pull request #758 from matrix-org/dbkr/fix_password_reset (diff) | |
| download | synapse-792def49288432852fef5059f13184af67843818.tar.xz | |
add a url_preview_ip_range_whitelist config param so we can whitelist the matrix.org IP space
Diffstat (limited to 'synapse/http')
| -rw-r--r-- | synapse/http/client.py | 6 | ||||
| -rw-r--r-- | synapse/http/endpoint.py | 14 |
2 files changed, 13 insertions, 7 deletions
diff --git a/synapse/http/client.py b/synapse/http/client.py index 902ae7a203..a8e2d8e808 100644 --- a/synapse/http/client.py +++ b/synapse/http/client.py @@ -380,13 +380,15 @@ class CaptchaServerHttpClient(SimpleHttpClient): class SpiderEndpointFactory(object): def __init__(self, hs): self.blacklist = hs.config.url_preview_ip_range_blacklist + if hasattr(hs.config, "url_preview_ip_range_whitelist"): + self.whitelist = hs.config.url_preview_ip_range_whitelist self.policyForHTTPS = hs.get_http_client_context_factory() def endpointForURI(self, uri): logger.info("Getting endpoint for %s", uri.toBytes()) if uri.scheme == "http": return SpiderEndpoint( - reactor, uri.host, uri.port, self.blacklist, + reactor, uri.host, uri.port, self.blacklist, self.whitelist, endpoint=TCP4ClientEndpoint, endpoint_kw_args={ 'timeout': 15 @@ -395,7 +397,7 @@ class SpiderEndpointFactory(object): elif uri.scheme == "https": tlsPolicy = self.policyForHTTPS.creatorForNetloc(uri.host, uri.port) return SpiderEndpoint( - reactor, uri.host, uri.port, self.blacklist, + reactor, uri.host, uri.port, self.blacklist, self.whitelist, endpoint=SSL4ClientEndpoint, endpoint_kw_args={ 'sslContextFactory': tlsPolicy, diff --git a/synapse/http/endpoint.py b/synapse/http/endpoint.py index a456dc19da..442696d393 100644 --- a/synapse/http/endpoint.py +++ b/synapse/http/endpoint.py @@ -79,12 +79,13 @@ class SpiderEndpoint(object): """An endpoint which refuses to connect to blacklisted IP addresses Implements twisted.internet.interfaces.IStreamClientEndpoint. """ - def __init__(self, reactor, host, port, blacklist, + def __init__(self, reactor, host, port, blacklist, whitelist, endpoint=TCP4ClientEndpoint, endpoint_kw_args={}): self.reactor = reactor self.host = host self.port = port self.blacklist = blacklist + self.whitelist = whitelist self.endpoint = endpoint self.endpoint_kw_args = endpoint_kw_args @@ -93,10 +94,13 @@ class SpiderEndpoint(object): address = yield self.reactor.resolve(self.host) from netaddr import IPAddress - if IPAddress(address) in self.blacklist: - raise ConnectError( - "Refusing to spider blacklisted IP address %s" % address - ) + ip_address = IPAddress(address) + + if ip_address in self.blacklist: + if self.whitelist is None or ip_address not in self.whitelist: + raise ConnectError( + "Refusing to spider blacklisted IP address %s" % address + ) logger.info("Connecting to %s:%s", address, self.port) endpoint = self.endpoint( |