From 8c9c947d0fc3716973ea6a5afec4002b89e510ba Mon Sep 17 00:00:00 2001
From: genteure
Date: Sun, 5 Nov 2023 20:54:52 +0800
Subject: [PATCH] fix(core): filter webhook urls
---
 .../SimpleWebhook/BasicWebhookV1.cs | 6 +++
 .../SimpleWebhook/BasicWebhookV2.cs | 46 +++++++++++++++++++
 2 files changed, 52 insertions(+)
diff --git a/BililiveRecorder.Core/SimpleWebhook/BasicWebhookV1.cs b/BililiveRecorder.Core/SimpleWebhook/BasicWebhookV1.cs
index 229a00b..6677e79 100644
--- a/BililiveRecorder.Core/SimpleWebhook/BasicWebhookV1.cs
+++ b/BililiveRecorder.Core/SimpleWebhook/BasicWebhookV1.cs
@@ -47,6 +47,12 @@ namespace BililiveRecorder.Core.SimpleWebhook
 private async Task SendImplAsync(string url, byte[] data)
 {
+ if (!BasicWebhookV2.IsUrlAllowed(url))
+ {
+ logger.Warning("不支持向 {Url} 发送 Webhook,已跳过", url);
+ return;
+ }
+
 for (var i = 0; i < 3; i++)
 try
 {
diff --git a/BililiveRecorder.Core/SimpleWebhook/BasicWebhookV2.cs b/BililiveRecorder.Core/SimpleWebhook/BasicWebhookV2.cs
index aee7275..1b8f2f8 100644
--- a/BililiveRecorder.Core/SimpleWebhook/BasicWebhookV2.cs
+++ b/BililiveRecorder.Core/SimpleWebhook/BasicWebhookV2.cs
@@ -1,4 +1,5 @@
 using System;
+using System.Collections.Generic;
 using System.Linq;
 using System.Net.Http;
 using System.Text;
@@ -67,6 +68,12 @@ namespace BililiveRecorder.Core.SimpleWebhook
 private async Task SendImplAsync(string url, byte[] data)
 {
+ if (!IsUrlAllowed(url))
+ {
+ logger.Warning("不支持向 {Url} 发送 Webhook,已跳过", url);
+ return;
+ }
+
 for (var i = 0; i < 3; i++)
 try
 {
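Review bot: The new skip branch at the top of `SendImplAsync` writes the complete rejected `url` to the log, and the same guard is repeated in the BasicWebhookV2.cs `SendImplAsync` hunk. If operators embed a token in the webhook path or query string, this Warning stores it in plain text, and the branch also fires for strings that do not parse as a URL at all; the pre-existing failure log visible in the V2 context has the same habit, so this may be a project-wide decision to revisit rather than a regression. Logging only the parsed host, for example `logger.Warning("不支持向 {Host} 发送 Webhook,已跳过", Uri.TryCreate(url, UriKind.Absolute, out var u) ? u.Host : "?");`, keeps the message actionable without the secret. Separately, V1 now reaches into `BasicWebhookV2` for an `internal static` helper; moving `IsUrlAllowed` to a small shared static class would keep the two senders independent. The body of `SendImplAsync` continues outside both hunks.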
@@ -85,5 +92,44 @@ namespace BililiveRecorder.Core.SimpleWebhook
 logger.Warning(ex, "发送 WebhookV2 到 {Url} 失败", url);
 }
 }
+
+ private static readonly IReadOnlyList DisallowedDomains = new[]
+ {
+ "test.example.com",
+ "baidu" + ".com",
+ "qq" + ".com",
+ "google" + ".com",
+ "b23" + ".tv",
+ "bilibili" + ".com",
+ "bilibili" + ".cn",
+ "bilibili" + ".tv",
+ "bilicomic" + ".com",
+ "bilicomics" + ".com",
+ "bilivideo" + ".com",
+ "bilivideo" + ".cn",
+ "biligame" + ".com",
+ "biligame" + ".net",
+ "biliapi" + ".com",
+ "biliapi" + ".net",
+ "hdslb" + ".com",
+ };
+
+ internal static bool IsUrlAllowed(string url)
+ {
+ if (string.IsNullOrWhiteSpace(url))
+ return false;
+
+ if (!Uri.TryCreate(url, UriKind.Absolute, out var uri))
+ return false;
+
+ if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps)
+ return false;
+
+ foreach (var domain in DisallowedDomains)
+ if (uri.Host.EndsWith(domain, StringComparison.OrdinalIgnoreCase))
+ return false;
+
+ return true;
+ }
 }
 }
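Review bot: `uri.Host.EndsWith(domain, StringComparison.OrdinalIgnoreCase)` in `IsUrlAllowed` compares raw string suffixes with no label boundary, so any host whose name merely ends in one of the entries (a constructed example: `notqq.com`) is rejected together with the intended domains and their subdomains. Matching on whole labels fixes that: `var host = uri.Host.TrimEnd('.');` followed by `if (host.Equals(domain, StringComparison.OrdinalIgnoreCase) || host.EndsWith("." + domain, StringComparison.OrdinalIgnoreCase)) return false;`. The `TrimEnd` is there because, if `Uri.Host` preserves a trailing root dot, the fully-qualified form of a listed host would match no entry; that behaviour is worth pinning with a unit test. The check also sees only the configured URL, so if the `HttpClient` used by `SendImplAsync` (created outside this hunk) follows redirects, the final destination is not filtered, which should be a stated decision rather than an accident. `DisallowedDomains` would also benefit from a comment saying why these hosts are blocked and why each literal is split with `+`.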