SECURITY: Improve validation of SNS subscription confirm (#14672)
An upstream validation bug in the aws-sdk-sns library could enable RCE under certain circumstances. This commit updates the upstream gem, and adds additional validation to provide defense-in-depth.
davidtaylorhq committed Oct 20, 2021
1 parent 98b0621 commit fa3c46c
Showing 2 changed files with 13 additions and 8 deletions.
12 changes: 6 additions & 6 deletions Gemfile.lock
Expand Up @@ -52,9 +52,9 @@ GEM
activerecord (>= 3.2, < 7.0)
rake (>= 10.4, < 14.0)
ast (2.4.2)
aws-eventstream (1.1.1)
aws-partitions (1.432.0)
aws-sdk-core (3.112.1)
aws-eventstream (1.2.0)
aws-partitions (1.516.0)
aws-sdk-core (3.121.2)
aws-eventstream (~> 1, >= 1.0.2)
aws-partitions (~> 1, >= 1.239.0)
aws-sigv4 (~> 1.1)
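Review bot: nothing in this hunk ties the dependency bumps to the vulnerability the commit message describes; aws-eventstream, aws-partitions and aws-sdk-core all move, but the message names only aws-sdk-sns. Consider citing the upstream advisory or the fixed aws-sdk-sns release in the commit message so a reviewer can confirm that these core bumps are just what `bundle update aws-sdk-sns` pulled in, and that aws-sdk-core 3.121.2 is the floor the fixed gem declares (`aws-sdk-core (~> 3, >= 3.121.2)`) rather than an unrelated upgrade.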
Expand All @@ -66,10 +66,10 @@ GEM
aws-sdk-core (~> 3, >= 3.112.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.1)
aws-sdk-sns (1.38.0)
aws-sdk-core (~> 3, >= 3.112.0)
aws-sdk-sns (1.46.0)
aws-sdk-core (~> 3, >= 3.121.2)
aws-sigv4 (~> 1.1)
aws-sigv4 (1.2.3)
aws-sigv4 (1.4.0)
aws-eventstream (~> 1, >= 1.0.2)
barber (0.12.2)
ember-source (>= 1.0, < 3.1)
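Review bot: only Gemfile.lock changes here; the Gemfile is not one of the two changed files, so no declared constraint stops a later `bundle update`, a dependency conflict, or a fork's own lockfile from resolving aws-sdk-sns back below 1.46.0. Consider adding a lower bound in the Gemfile, e.g. `gem 'aws-sdk-sns', '>= 1.46.0'`, so the fix is enforced by the manifest and not just recorded in the lock.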
9 changes: 7 additions & 2 deletions app/jobs/regular/confirm_sns_subscription.rb
Expand Up @@ -13,8 +13,13 @@ def execute(args)
require "aws-sdk-sns"
return unless Aws::SNS::MessageVerifier.new.authentic?(raw)

# confirm subscription by visiting the URL
open(subscribe_url)
uri = begin
URI.parse(subscribe_url)
rescue URI::Error
return
end

Net::HTTP.get(uri)
end

end
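Review bot: the new `URI.parse` guard only rejects syntactically invalid strings; `Net::HTTP.get(uri)` will still connect to whatever scheme, host and port the message's SubscribeURL names, so the defense-in-depth the commit message promises is thin if `MessageVerifier#authentic?` is ever bypassed again. Consider requiring `uri.is_a?(URI::HTTPS)` and an `amazonaws.com` host (for example `uri.host&.end_with?(".amazonaws.com")`) before the request, and returning otherwise. Two smaller points: `require "net/http"` does not appear beside `require "aws-sdk-sns"` (Rails normally loads it, but an explicit require documents the dependency), and `rescue URI::Error` followed by a bare `return` drops the failure silently, so an authentic message with an unparseable SubscribeURL leaves no trace in the job logs; a `Rails.logger.warn` before the return would help when debugging a subscription that never confirms.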