mirror of https://we.phorge.it/source/phorge.git synced 2024-11-14 19:02:41 +01:00
phorge-phorge/src/infrastructure
epriestley 1c32c9b965 Improve granularity and defaults of security.allow-outbound-http
Summary:
Ref T6755. This is a partial fix, but:

  - Allow netblocks to be blacklisted instead of making the feature all-or-nothing.
  - Default to disallow requests to all reserved private/local/special IP blocks. This should generally be a "safe" setting.
  - Explain the risks better.
  - Improve the errors raised by Macro when failing.
  - Removed `security.allow-outbound-http`, as it is superseded by this setting and is somewhat misleading.
    - We still make outbound HTTP requests to OAuth.
    - We still make outbound HTTP requests for repositories.

From a technical perspective:

  - Separate URIs that are safe to link to or redirect to (basically, not "javascript://") from URIs that are safe to fetch (nothing in a private block).
  - Add the default blacklist.
  - Be more careful with response data in Macro fetching, and don't let the user see it if it isn't ultimately valid.

Additionally:

  - I want to do this check before pulling repositories, but that's enough of a mess that it should go in a separate diff.
  - The future implementation of T4190 needs to perform the fetch check.

Test Plan:
  - Fetched a valid macro.
  - Fetched a non-image, verified it didn't result in a viewable file.
  - Fetched a private-ip-space image, got an error.
  - Fetched a 404, got a useful-enough error without additional revealing response content (which is usually HTML anyway and not useful).
  - Fetched a bad protocol, got an error.
  - Linked to a local resource, a phriction page, a valid remote site, all worked.
  - Linked to private IP space, which worked fine (we want to let you link and redirect to other private services, just not fetch them).
  - Added and executed unit tests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6755

Differential Revision: https://secure.phabricator.com/D12136
2015-03-23 10:44:03 -07:00
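The split the commit describes, between URIs that are safe to link or redirect to and URIs that are safe for the server to fetch, as an added illustration in Python (not Phorge's own PHP code). The blacklist, the function names and the injectable resolver are assumptions; the example goes slightly beyond the commit by resolving hostnames and unwrapping IPv4-mapped IPv6 literals so a name or literal cannot smuggle a private address past the check.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Constructed default blacklist of reserved/private/special-use blocks
# (assumption: modelled on the commit's description, not copied from Phorge).
DEFAULT_BLACKLIST = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4", "::1/128", "fc00::/7", "fe80::/10",
)]

LINK_SCHEMES = {"http", "https", "mailto", "tel"}


def is_safe_to_link(uri):
    """Linking/redirecting only needs to exclude active-content schemes
    (javascript:, data:, ...). Relative URIs and private hosts are fine."""
    scheme = urlparse(uri).scheme.lower()
    return scheme == "" or scheme in LINK_SCHEMES


def _default_resolve(host):
    # Resolve every A/AAAA record; a hostname may hide a private address.
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_safe_to_fetch(uri, blacklist=DEFAULT_BLACKLIST, resolve=_default_resolve):
    """Server-side fetch is allowed only for http(s) URIs whose host resolves
    exclusively to addresses outside the blacklisted netblocks."""
    parts = urlparse(uri)
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return False
    try:
        addrs = resolve(parts.hostname)
    except (socket.gaierror, OSError):
        return False  # unresolvable hosts are not fetchable
    if not addrs:
        return False
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is really 10.0.0.1
        if any(ip in block for block in blacklist):
            return False
    return True
```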
customfield Show change details for "Remarkup" standard custom field edits 2015-03-03 10:39:32 -08:00
daemon Increase the visibility of permanent task failures in task queue 2015-03-15 13:27:05 -07:00
diff When deleting inline comments, offer "undo" instead of prompting 2015-03-09 17:27:51 -07:00
edges Modernize remaining edge types 2015-01-03 10:58:20 +11:00
env Improve granularity and defaults of security.allow-outbound-http 2015-03-23 10:44:03 -07:00
events Add a "did verify email" event to Phabricator 2015-02-11 14:39:06 -08:00
internationalization Improve translation of some file strings 2015-03-15 11:37:30 -07:00
javelin Allow Javelin initBehavior to source alternative library behaviors 2014-11-04 06:47:07 -08:00
lint/linter Use new FutureIterator instead of Futures 2014-12-30 23:13:38 +11:00
log Explicitly declare method/property visibility 2015-01-12 08:18:13 +11:00
management Add some of a billing daemon skeleton 2015-01-30 11:29:05 -08:00
markup Improve granularity and defaults of security.allow-outbound-http 2015-03-23 10:44:03 -07:00
query Allow repositories to be ordered by commit count 2015-03-23 09:10:34 -07:00
sms Add "phabricator.silent" for stopping all outbound events from an install 2015-03-18 07:09:43 -07:00
ssh Proxy VCS SSH requests 2015-01-28 14:41:24 -08:00
storage Add a storage renamespace for mangling SQL dumpfiles into a new namespace 2015-03-17 18:29:01 -07:00
testing Add "phabricator.silent" for stopping all outbound events from an install 2015-03-18 07:09:43 -07:00
time Change double quotes to single quotes. 2014-06-09 11:36:50 -07:00
util Improve Phriction page move dialog 2014-11-12 07:04:51 -08:00
PhabricatorEditor.php Use ManiphestTaskQuery in nearly all interfaces 2013-09-25 13:44:14 -07:00