Fix reading body failing with nil error (#60)

Fixes #58, Refs. #51
arkadiyt · Sep 1, 2023 · 6710ecc · 6710ecc
1 parent f93dab1
commit 6710ecc
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 11 deletions.
diff --git a/lib/ssrf_filter/ssrf_filter.rb b/lib/ssrf_filter/ssrf_filter.rb
@@ -191,17 +191,17 @@ def self.fetch_once(uri, ip, verb, options, &block)
 
     with_forced_hostname(hostname, ip) do
       ::Net::HTTP.start(uri.hostname, uri.port, **http_options) do |http|
-        http.request(request) do |response|
-          case response
-          when ::Net::HTTPRedirection
-            url = response['location']
-            # Handle relative redirects
-            url = "#{uri.scheme}://#{hostname}:#{uri.port}#{url}" if url.start_with?('/')
-            return nil, url
-          else
-            block&.call(response)
-            return response, nil
-          end
+        response = http.request(request) do |res|
+          block&.call(res)
+        end
+        case response
+        when ::Net::HTTPRedirection
+          url = response['location']
+          # Handle relative redirects
+          url = "#{uri.scheme}://#{hostname}:#{uri.port}#{url}" if url.start_with?('/')
+          return nil, url
+        else
+          return response, nil
         end
       end
     end

diff --git a/spec/lib/ssrf_filter_spec.rb b/spec/lib/ssrf_filter_spec.rb
@@ -380,6 +380,40 @@ def inject_custom_trust_store(*certificates)
         web_server_thread&.kill
       end
     end
+
+    it 'does not break when reading the body without using a block' do
+      port = 8443
+
+      private_key, certificate = make_keypair('CN=localhost')
+      inject_custom_trust_store(certificate)
+      stub_const('SsrfFilter::IPV4_BLACKLIST', [])
+
+      begin
+        queue = Queue.new # Used as a semaphore
+
+        web_server_thread = Thread.new do
+          server = make_web_server(port, private_key, certificate) do
+            queue.push(nil)
+          end
+          server.mount('/README.md', WEBrick::HTTPServlet::FileHandler, 'README.md')
+          server.start
+        end
+
+        Timeout.timeout(2) do
+          queue.pop
+
+          options = {
+            resolver: proc { [IPAddr.new('127.0.0.1')] }
+          }
+
+          response = described_class.get("https://localhost:#{port}/README.md", options)
+          expect(response.code).to eq('200')
+          expect(response.body).to match(/ssrf_filter/)
+        end
+      ensure
+        web_server_thread&.kill
+      end
+    end
   end
 
   describe 'get/put/post/delete' do