prevent Homograph attack using scala-uri punycode

Reported by https://hackerone.com/mik317
pull/7412/head
Thibault Duplessis 2020-10-03 16:31:08 +02:00
parent e64022b571
commit 916eb62e2f
2 changed files with 5 additions and 2 deletions


@ -170,7 +170,7 @@ lazy val mod = module("mod",
lazy val user = smallModule("user",
Seq(common, memo, db, hub, rating, socket),
Seq(hasher, specs2, autoconfig) ++ playWs.bundle ++ reactivemongo.bundle ++ macwire.bundle
Seq(hasher, specs2, autoconfig, scalaUri) ++ playWs.bundle ++ reactivemongo.bundle ++ macwire.bundle
)
lazy val game = module("game",


@ -1,5 +1,7 @@
package lila.user
import io.lemonlabs.uri.Url
object Links {
def make(text: String): List[Link] = text.linesIterator.to(List).map(_.trim).flatMap(toLink)
@ -10,7 +12,8 @@ object Links {
line match {
case UrlRegex(domain) =>
Link(
site = Link.Site.allKnown find (_ matches domain) getOrElse Link.Site.Other(domain),
site = Link.Site.allKnown find (_ matches domain) getOrElse
Link.Site.Other(Url.parse(domain).toStringPunycode),
url = if (line startsWith "http") line else s"https://$line"
).some
case _ => none
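Review bot: `Url.parse(domain)` inside `Link.Site.Other(...)` throws when scala-uri cannot parse its input, and `domain` is taken from user-written profile text, so one malformed line could fail the whole `Links.make` call instead of dropping just that link. Prefer the non-throwing form, e.g. `Url.parseOption(domain).map(_.toStringPunycode)`, and yield `none` when it is empty rather than falling back to the raw string, which would bring back the look-alike display this commit is meant to remove. `UrlRegex` is not visible here, but if it captures a bare host without a scheme the parser may read it as a relative path rather than a host, so a spec with a non-ASCII domain should confirm the result really is the `xn--` form. The `url` field still carries the raw `line`, so the change covers only the displayed site name; the enclosing function starts and ends outside the hunk.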