Mirror of https://we.phorge.it/source/phorge.git (synced 2024-11-28 01:32:42 +01:00)

Commit 1c32c9b965
Summary:
Ref T6755. This is a partial fix, but:

- Allow netblocks to be blacklisted instead of making the feature all-or-nothing.
- Default to disallow requests to all reserved private/local/special IP blocks. This should generally be a "safe" setting.
- Explain the risks better.
- Improve the errors raised by Macro when failing.
- Removed `security.allow-outbound-http`, as it is superseded by this setting and is somewhat misleading.
  - We still make outbound HTTP requests to OAuth.
  - We still make outbound HTTP requests for repositories.

From a technical perspective:

- Separate URIs that are safe to link to or redirect to (basically, not "javascript://") from URIs that are safe to fetch (nothing in a private block).
- Add the default blacklist.
- Be more careful with response data in Macro fetching, and don't let the user see it if it isn't ultimately valid.

Additionally:

- I want to do this check before pulling repositories, but that's enough of a mess that it should go in a separate diff.
- The future implementation of T4190 needs to perform the fetch check.

Test Plan:
- Fetched a valid macro.
- Fetched a non-image, verified it didn't result in a viewable file.
- Fetched a private-ip-space image, got an error.
- Fetched a 404, got a useful-enough error without additional revealing response content (which is usually HTML anyway and not useful).
- Fetched a bad protocol, got an error.
- Linked to a local resource, a phriction page, a valid remote site, all worked.
- Linked to private IP space, which worked fine (we want to let you link and redirect to other private services, just not fetch them).
- Added and executed unit tests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6755

Differential Revision: https://secure.phabricator.com/D12136
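The distinction the commit message draws, URIs that are safe to link or redirect to versus URIs that are safe for the server to fetch, with a default blocklist of reserved address ranges, as an added example in Python. This is not Phorge's PHP implementation; the function names, the blocklist entries and the offline stub resolver are assumptions made for this illustration.

```python
"""Added example, not code from Phorge/Phabricator: the two URI checks the
commit message separates, "safe to link or redirect to" versus "safe to
fetch". Function names, the blocklist contents and the stub resolver are
assumptions made for this illustration."""
import ipaddress
from typing import Callable, Iterable, List
from urllib.parse import urlsplit

# Assumed default blocklist: IPv4 special-purpose blocks from RFC 6890 and
# their IPv6 counterparts, including the IPv4-mapped range.
DEFAULT_BLOCKLIST = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "::ffff:0:0/96", "64:ff9b::/96",
    "fc00::/7", "fe80::/10", "ff00::/8",
)]

# Schemes allowed in a link or redirect target; "javascript" and "data"
# are deliberately absent. A relative URI (no scheme) is also allowed.
LINKABLE_SCHEMES = {"http", "https", "mailto"}
# Schemes the server itself may fetch.
FETCHABLE_SCHEMES = {"http", "https"}

Resolver = Callable[[str], Iterable[str]]


def _clean(uri: str) -> str:
    # Browsers ignore embedded tab/newline, so "java\tscript:" still runs;
    # drop those characters before looking at the scheme.
    return "".join(ch for ch in uri if ch not in "\t\r\n").strip()


def is_safe_to_link(uri: str) -> bool:
    """May this URI be rendered as a link or used as a redirect target?
    Private hosts are fine here: the browser follows the link, the server
    never contacts the host."""
    try:
        scheme = urlsplit(_clean(uri)).scheme.lower()
    except ValueError:
        return False
    return scheme == "" or scheme in LINKABLE_SCHEMES


def address_is_blocked(addr_text: str, blocklist=DEFAULT_BLOCKLIST) -> bool:
    """Is this literal address inside any blocked network?"""
    addr = ipaddress.ip_address(addr_text)
    candidates = [addr]
    # ::ffff:127.0.0.1 must be judged by the IPv4 rules as well.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        candidates.append(addr.ipv4_mapped)
    return any(c in net for c in candidates for net in blocklist)


def is_safe_to_fetch(uri: str, resolve: Resolver,
                     blocklist=DEFAULT_BLOCKLIST) -> bool:
    """May the server fetch this URI? Requires http(s) and a host none of
    whose addresses fall in the blocklist. Unresolvable hosts are refused."""
    try:
        parts = urlsplit(_clean(uri))
    except ValueError:
        return False
    if parts.scheme.lower() not in FETCHABLE_SCHEMES or not parts.hostname:
        return False
    host = parts.hostname
    try:
        addrs: List[str] = [str(ipaddress.ip_address(host))]  # IP literal
    except ValueError:
        # Not a literal: ask DNS. Forms like "2130706433" or "0x7f000001"
        # are then judged by what they resolve to, not by string matching.
        addrs = list(resolve(host))
    if not addrs:
        return False
    # One blocked A/AAAA record is enough to refuse the whole name.
    return not any(address_is_blocked(a, blocklist) for a in addrs)


# Constructed stub standing in for socket.getaddrinfo() so this runs offline.
STUB_DNS = {
    "example.com": ["93.184.215.14"],
    "intranet.example": ["10.0.0.5"],
    "dual.example": ["93.184.215.14", "169.254.169.254"],  # mixed records
    "mapped.example": ["::ffff:127.0.0.1"],
    "v6.example": ["2a00:1450:4001:80b::200e"],
}


def stub_resolve(host: str) -> List[str]:
    return STUB_DNS.get(host.lower(), [])


if __name__ == "__main__":
    for uri in ("javascript:alert(1)", "/w/phriction/", "http://intranet.example/",
                "https://example.com/macro.png", "http://[::ffff:127.0.0.1]/",
                "http://dual.example/"):
        print(f"{uri:40} link={is_safe_to_link(uri)!s:5} "
              f"fetch={is_safe_to_fetch(uri, stub_resolve)}")
```

Two caveats a fetch path built on this still needs: the check must be repeated on every redirect hop (a public host can 302 to a private one), and the connection should be made to the address that was vetted rather than re-resolving the name, otherwise a rebinding DNS record can pass the check and then point at an internal host.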
Directory contents:

config
PhabricatorAuthConfirmLinkController.php
PhabricatorAuthController.php
PhabricatorAuthDowngradeSessionController.php
PhabricatorAuthFinishController.php
PhabricatorAuthInviteController.php
PhabricatorAuthLinkController.php
PhabricatorAuthLoginController.php
PhabricatorAuthNeedsApprovalController.php
PhabricatorAuthNeedsMultiFactorController.php
PhabricatorAuthOldOAuthRedirectController.php
PhabricatorAuthOneTimeLoginController.php
PhabricatorAuthRegisterController.php
PhabricatorAuthRevokeTokenController.php
PhabricatorAuthSSHKeyController.php
PhabricatorAuthSSHKeyDeleteController.php
PhabricatorAuthSSHKeyEditController.php
PhabricatorAuthSSHKeyGenerateController.php
PhabricatorAuthStartController.php
PhabricatorAuthTerminateSessionController.php
PhabricatorAuthUnlinkController.php
PhabricatorAuthValidateController.php
PhabricatorDisabledUserController.php
PhabricatorEmailLoginController.php
PhabricatorEmailVerificationController.php
PhabricatorLogoutController.php
PhabricatorMustVerifyEmailController.php
PhabricatorRefreshCSRFController.php