Skip to content

Commit 7148456

Browse files
cncodercncoder
committed
fix(discord): add allowRfc2544BenchmarkRange to attachment and sticker downloads
Discord attachment and sticker downloads fail when the host uses a local proxy with virtual-IP DNS mode (198.18.0.0/15, RFC 2544 benchmark range). The SSRF guard blocks these addresses by default. This follows the same pattern already applied in the Telegram module (src/telegram/bot/delivery.ts:43) by passing ssrfPolicy with allowRfc2544BenchmarkRange: true to fetchRemoteMedia calls. Only Discord-specific call sites are modified to keep the fix scoped: - appendResolvedMediaFromAttachments (voice messages, images, files) - appendResolvedMediaFromStickers Updated corresponding test assertions to expect the new ssrfPolicy parameter. Fixes #25215 Related: #25086, #24973, #24454
1 parent 56b8c69 commit 7148456

File tree

2 files changed

+5
-0
lines changed

2 files changed

+5
-0
lines changed

src/discord/monitor/message-utils.test.ts

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -94,6 +94,7 @@ describe("resolveForwardedMediaList", () => {
9494
filePathHint: attachment.filename,
9595
maxBytes: 512,
9696
fetchImpl: undefined,
97+
ssrfPolicy: { allowRfc2544BenchmarkRange: true },
9798
});
9899
expect(saveMediaBuffer).toHaveBeenCalledTimes(1);
99100
expect(saveMediaBuffer).toHaveBeenCalledWith(expect.any(Buffer), "image/png", "inbound", 512);
@@ -168,6 +169,7 @@ describe("resolveForwardedMediaList", () => {
168169
filePathHint: "wave.png",
169170
maxBytes: 512,
170171
fetchImpl: undefined,
172+
ssrfPolicy: { allowRfc2544BenchmarkRange: true },
171173
});
172174
expect(saveMediaBuffer).toHaveBeenCalledTimes(1);
173175
expect(saveMediaBuffer).toHaveBeenCalledWith(expect.any(Buffer), "image/png", "inbound", 512);
@@ -236,6 +238,7 @@ describe("resolveMediaList", () => {
236238
filePathHint: "hello.png",
237239
maxBytes: 512,
238240
fetchImpl: undefined,
241+
ssrfPolicy: { allowRfc2544BenchmarkRange: true },
239242
});
240243
expect(saveMediaBuffer).toHaveBeenCalledTimes(1);
241244
expect(saveMediaBuffer).toHaveBeenCalledWith(expect.any(Buffer), "image/png", "inbound", 512);

src/discord/monitor/message-utils.ts

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -228,6 +228,7 @@ async function appendResolvedMediaFromAttachments(params: {
228228
filePathHint: attachment.filename ?? attachment.url,
229229
maxBytes: params.maxBytes,
230230
fetchImpl: params.fetchImpl,
231+
ssrfPolicy: { allowRfc2544BenchmarkRange: true },
231232
});
232233
const saved = await saveMediaBuffer(
233234
fetched.buffer,
@@ -320,6 +321,7 @@ async function appendResolvedMediaFromStickers(params: {
320321
filePathHint: candidate.fileName,
321322
maxBytes: params.maxBytes,
322323
fetchImpl: params.fetchImpl,
324+
ssrfPolicy: { allowRfc2544BenchmarkRange: true },
323325
});
324326
const saved = await saveMediaBuffer(
325327
fetched.buffer,

0 commit comments

Comments
 (0)