diff options
| author | wxiaoguang <wxiaoguang@gmail.com> | 2022-07-13 09:07:16 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-13 09:07:16 +0800 |
| commit | f67a1030b308a24cca13ff788f7b7119f0404580 (patch) | |
| tree | 2f5d8777096f84bf4443070fa379ec4fd3034332 /services/migrations/migrate.go | |
| parent | d94f517643480369665eb37db31c9ddd700e07b3 (diff) | |
| download | gitea-f67a1030b308a24cca13ff788f7b7119f0404580.tar.gz gitea-f67a1030b308a24cca13ff788f7b7119f0404580.zip | |
Add tests for the host checking logic, clarify the behaviors (#20328)
Before, the combination of AllowedDomains/BlockedDomains/AllowLocalNetworks is confusing.
This PR adds tests for the logic, clarify the behaviors.
Diffstat (limited to 'services/migrations/migrate.go')
| -rw-r--r-- | services/migrations/migrate.go | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/services/migrations/migrate.go b/services/migrations/migrate.go index ce76733bd5..f2542173a0 100644 --- a/services/migrations/migrate.go +++ b/services/migrations/migrate.go @@ -84,7 +84,10 @@ func IsMigrateURLAllowed(remoteURL string, doer *user_model.User) error { // some users only use proxy, there is no DNS resolver. it's safe to ignore the LookupIP error addrList, _ := net.LookupIP(hostName) + return checkByAllowBlockList(hostName, addrList) +} +func checkByAllowBlockList(hostName string, addrList []net.IP) error { var ipAllowed bool var ipBlocked bool for _, addr := range addrList { @@ -93,12 +96,12 @@ func IsMigrateURLAllowed(remoteURL string, doer *user_model.User) error { } var blockedError error if blockList.MatchHostName(hostName) || ipBlocked { - blockedError = &models.ErrInvalidCloneAddr{Host: u.Host, IsPermissionDenied: true} + blockedError = &models.ErrInvalidCloneAddr{Host: hostName, IsPermissionDenied: true} } - // if we have an allow-list, check the allow-list first + // if we have an allow-list, check the allow-list before return to get the more accurate error if !allowList.IsEmpty() { if !allowList.MatchHostName(hostName) && !ipAllowed { - return &models.ErrInvalidCloneAddr{Host: u.Host, IsPermissionDenied: true} + return &models.ErrInvalidCloneAddr{Host: hostName, IsPermissionDenied: true} } } // otherwise, we always follow the blocked list @@ -474,5 +477,7 @@ func Init() error { allowList.AppendBuiltin(hostmatcher.MatchBuiltinPrivate) allowList.AppendBuiltin(hostmatcher.MatchBuiltinLoopback) } + // TODO: at the moment, if ALLOW_LOCALNETWORKS=false, ALLOWED_DOMAINS=domain.com, and domain.com has IP 127.0.0.1, then it's still allowed. + // if we want to block such case, the private&loopback should be added to the blockList when ALLOW_LOCALNETWORKS=false return nil } |