mirror of https://we.phorge.it/source/phorge.git synced 2024-11-23 23:32:40 +01:00
phorge-phorge/src/infrastructure/markup
epriestley 1c32c9b965 Improve granularity and defaults of security.allow-outbound-http
Summary:
Ref T6755. This is a partial fix, but:

  - Allow netblocks to be blacklisted instead of making the feature all-or-nothing.
  - Default to disallow requests to all reserved private/local/special IP blocks. This should generally be a "safe" setting.
  - Explain the risks better.
  - Improve the errors raised by Macro when failing.
  - Removed `security.allow-outbound-http`, as it is superseded by this setting and is somewhat misleading.
    - We still make outbound HTTP requests to OAuth.
    - We still make outbound HTTP requests for repositories.

From a technical perspective:

  - Separate URIs that are safe to link to or redirect to (basically, not "javascript://") from URIs that are safe to fetch (nothing in a private block).
  - Add the default blacklist.
  - Be more careful with response data in Macro fetching, and don't let the user see it if it isn't ultimately valid.

Additionally:

  - I want to do this check before pulling repositories, but that's enough of a mess that it should go in a separate diff.
  - The future implementation of T4190 needs to perform the fetch check.

Test Plan:
  - Fetched a valid macro.
  - Fetched a non-image, verified it didn't result in a viewable file.
  - Fetched a private-ip-space image, got an error.
  - Fetched a 404, got a useful-enough error without additional revealing response content (which is usually HTML anyway and not useful).
  - Fetched a bad protocol, got an error.
  - Linked to a local resource, a phriction page, a valid remote site, all worked.
  - Linked to private IP space, which worked fine (we want to let you link and redirect to other private services, just not fetch them).
  - Added and executed unit tests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6755

Differential Revision: https://secure.phabricator.com/D12136
2015-03-23 10:44:03 -07:00
..
interpreter Fix a pht method call 2015-02-11 06:54:10 +11:00
rule Improve granularity and defaults of security.allow-outbound-http 2015-03-23 10:44:03 -07:00
PhabricatorMarkupEngine.php Do not CC users without permissions to view an object 2015-01-01 08:05:52 -08:00
PhabricatorMarkupInterface.php Remove @group annotations 2014-07-10 08:12:48 +10:00
PhabricatorMarkupOneOff.php Disable caching of remarkup previews 2015-02-22 05:39:25 -08:00
PhabricatorMarkupPreviewController.php Disable caching of remarkup previews 2015-02-22 05:39:25 -08:00
PhabricatorSyntaxHighlighter.php Remove @group annotations 2014-07-10 08:12:48 +10:00