ssrf_filter icon indicating copy to clipboard operation
ssrf_filter copied to clipboard

Published 20 hours ago verified publisher icon arkadiyt

When try to get body I have error NoMethodError: undefined method `closed?' for nil:NilClass

Open DmytroKondratiuk opened this issue 3 years ago • 6 comments
trafficstars

In version "1.1.0" when try to get body I have error. For example:

 photo_url = any photo url
 SsrfFilter.get(photo_url).body

Error:

NoMethodError: undefined method `closed?' for nil:NilClass
raise IOError, 'attempt to read body out of block' if @socket.closed?

DmytroKondratiuk avatar Sep 15 '22 08:09 DmytroKondratiuk

Can you share a sample url to reproduce the issue?

arkadiyt avatar Sep 15 '22 18:09 arkadiyt

I get this same error with Carrierwave trying to set a remote url for an image.

nickcoyne avatar Sep 15 '22 19:09 nickcoyne

Can you share a sample url to reproduce the issue?

arkadiyt avatar Sep 15 '22 19:09 arkadiyt

I think my issue is caused by https://github.com/arkadiyt/ssrf_filter/issues/56

nickcoyne avatar Sep 15 '22 19:09 nickcoyne

For example photo_url = 'https://ssl.gstatic.com/ui/v1/icons/mail/rfr/logo_gmail_lockup_dark_2x_r5.png'

Screenshot 2022-09-16 at 09 42 02

In version 1.0.8 when we try get a photo SsrfFilter.get(photo_url) answer:

#<Net::HTTPOK 200 OK readbody=true>

In version 1.1.0 when we try get a photo SsrfFilter.get(photo_url) answer:

#<Net::HTTPOK 200 OK readbody=false>

DmytroKondratiuk avatar Sep 16 '22 06:09 DmytroKondratiuk

Same issue for a private project that was solved by downgrading to 1.0.8

vinc avatar Oct 04 '22 09:10 vinc

I confirm the fix by https://github.com/arkadiyt/ssrf_filter/pull/60

basex avatar Feb 06 '23 18:02 basex