5 changes: 4 additions & 1 deletion web/scripts/generateBuildInfo.sh
@@ -2,5 +2,8 @@

SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"

echo "MY IP"
curl ifconfig.me
🛠️ Refactor suggestion

Add error handling and timeout for curl command

The current implementation lacks error handling and timeout controls, which could:

  1. Hang the build process indefinitely if the service is slow
  2. Fail silently if the service is down
  3. Impact build reliability

Consider this more robust implementation:

```diff
-curl ifconfig.me
+if ! curl --max-time 5 --silent --fail ifconfig.me; then
+  echo "Failed to retrieve IP address"
+  # Use fallback services or continue build
+fi
```

Additionally, consider using multiple IP services for redundancy:

```bash
IP_SERVICES=("ifconfig.me" "ipinfo.io/ip" "api.ipify.org")
for service in "${IP_SERVICES[@]}"; do
  if IP=$(curl --max-time 5 --silent --fail "$service"); then
    echo "$IP"
    break
  fi
done
```

Comment on lines +5 to +6
💡 Codebase verification

⚠️ Potential issue

Based on the gathered information, I can now provide the final response:

Remove IP address exposure from build info script

The IP address check is not being used in the generated build info (generatedNetlifyInfo.json) or anywhere else in the application. It appears to be a standalone debug statement that:

  1. Prints to build logs without context
  2. Makes an unnecessary HTTP request that could slow down builds
  3. Exposes potentially sensitive infrastructure information

Remove lines 5-6 from web/scripts/generateBuildInfo.sh as they serve no functional purpose in the build process.

🔗 Analysis chain

Security: Reconsider exposing public IP in build logs

Exposing the public IP address in build logs could pose security risks:

  1. It reveals infrastructure information that could be used in targeted attacks
  2. Build logs are often accessible to multiple team members or could be exposed in public CI systems

Consider:

  • Removing this feature if it's not essential
  • Adding appropriate access controls to build logs
  • Logging only when explicitly enabled via an environment variable

Let's check if the build logs are publicly accessible:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

```bash
#!/bin/bash
# Check for public build log configurations in common CI files
rg -l '(public_builds|public_logs|artifacts.*public)' .github/ .gitlab-ci.yml netlify.toml
```

Length of output: 147


Script:

```bash
#!/bin/bash
# Let's check for CI configuration files and deployment scripts
fd -e yml -e yaml -e json -e toml "^(\.gitlab-ci|\.travis|netlify|vercel|azure-pipelines|build|deploy)"

# Check for any GitHub Actions workflow files
fd . .github/workflows/ -e yml -e yaml

# Look for build script references in package.json if it exists
fd "package.json" -x jq -r '.scripts | select(. != null)'

# Search for build log related configurations
rg -i "(build.*log|log.*build|artifact.*public|public.*artifact)"
```

Length of output: 14699


Script:

```bash
#!/bin/bash
# Let's check if the build info is used in any public contexts or CI
rg -i "generateBuildInfo|build.*info" .github/workflows/

# Check where the build info is consumed
rg -l "buildInfo"

# Check for environment variables that might control logging
rg -i "(log.*level|debug.*mode|verbose|build.*env)"
```

Length of output: 65667


Script:

```bash
#!/bin/bash
# Let's check if the IP is used in any sensitive context or stored
rg -i "ifconfig\.me|MY IP" -A 2 -B 2

# Check if the build info is used in any public URLs or endpoints
rg -i "buildinfo|build.*info" web/

# Check for environment variables that might control this behavior
fd -H "\.env" -x cat {} \;
```

Length of output: 8212


Script:

```bash
#!/bin/bash
# Check how the build info is used in the application
rg -p "generatedNetlifyInfo.json" web/

# Check the build script's usage context
rg -p "generateBuildInfo.sh" web/

# Look for any public endpoints or routes that might expose build info
fd -e ts -e tsx -e js -e jsx -x rg -l "buildInfo|netlifyInfo"
```

Length of output: 482
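Putting the two review comments above together, here is an added example of what a guarded version of the lookup could look like. It is not code from this PR or from the project. The lookup is opt-in through an assumed `BUILD_INFO_LOG_IP` variable, each service is tried over HTTPS with a timeout and `--fail`, a failure never aborts the build, and the response body is checked to look like an IP address before it is printed, because that body is untrusted text about to land in the build log. The `FETCH_CMD` override hook and the exact service list are assumptions made for this example so the logic can be exercised offline.

```shell
#!/bin/sh
# Added example, not the PR's script: opt-in, time-limited, validated
# public-IP lookup for a build step. Assumed names: IP_SERVICES, FETCH_CMD,
# BUILD_INFO_LOG_IP.

# Ordered list of services; the first one that returns a valid IP wins.
IP_SERVICES="https://ifconfig.me https://ipinfo.io/ip https://api.ipify.org"

# Return 0 if $1 is an IPv4 literal (each octet 0-255) or an IPv6 literal.
# The response body is untrusted, so it is validated before being logged.
is_ip_literal() {
  s=$1
  if printf '%s\n' "$s" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
    oldifs=$IFS; IFS=.
    set -- $s
    IFS=$oldifs
    for o in "$@"; do
      [ "$o" -le 255 ] || return 1
    done
    return 0
  fi
  printf '%s\n' "$s" | grep -Eq '^[0-9A-Fa-f:]{2,39}$' && [ "${s#*:}" != "$s" ]
}

# Fetch one URL. FETCH_CMD (assumed hook) lets a stub replace curl in tests;
# the default bounds the request to 5 seconds and fails on HTTP errors.
fetch_url() {
  ${FETCH_CMD:-curl --max-time 5 --silent --fail} "$1"
}

# Print the first validated IP from IP_SERVICES on stdout; return 1 if none.
public_ip() {
  for svc in $IP_SERVICES; do
    if body=$(fetch_url "$svc" 2>/dev/null); then
      body=$(printf '%s' "$body" | tr -d '\r\n')
      if is_ip_literal "$body"; then
        printf '%s\n' "$body"
        return 0
      fi
      echo "warning: $svc returned a non-IP body, skipping" >&2
    else
      echo "warning: $svc failed or timed out, trying next" >&2
    fi
  done
  echo "error: could not determine public IP" >&2
  return 1
}

# Only log the address when the build explicitly asks for it, and never let
# a lookup failure turn into a build failure.
if [ "${BUILD_INFO_LOG_IP:-0}" = 1 ]; then
  if ip=$(public_ip); then
    echo "Build host public IP: $ip"
  else
    echo "Build host public IP: unavailable"
  fi
fi
```

The validation step is the part the suggested snippet lacks: without it, whatever bytes a service returns (an HTML error page, a captive-portal redirect body) are echoed verbatim into the log.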


jq -n --arg primeUri "$DEPLOY_PRIME_URL" --arg uri "$URL" --arg deployUri "$DEPLOY_URL" '{ netlifyDeployPrimeUri: $primeUri, netlifyUri: $uri, netlifyDeployUri: $deployUri }' > src/generatedNetlifyInfo.json
node $SCRIPT_DIR/gitInfo.js
node $SCRIPT_DIR/gitInfo.js
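Review bot: the added `curl ifconfig.me` right after the `SCRIPT_DIR=` line runs with no `--max-time`, no `--fail` and over plain HTTP, and its output is only echoed, not captured into the `generatedNetlifyInfo.json` that the `jq` line below writes, so it is a debug print that sends the build host's egress IP to every build log. A slow ifconfig.me stalls the build; an unreachable one either aborts it (under `set -e`) or fails silently. Either drop the `echo "MY IP"` / `curl ifconfig.me` pair, or gate it behind an environment variable and call `curl --max-time 5 -fsS https://ifconfig.me || echo "IP lookup failed"`. Separately, `node $SCRIPT_DIR/gitInfo.js` leaves `$SCRIPT_DIR` unquoted even though it is derived from `${BASH_SOURCE[0]}` and can contain spaces; `node "$SCRIPT_DIR/gitInfo.js"` is the safe form.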