Add remote host validation API

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

1 files changed, 13 insertions, 5 deletions

diff --git a/lib/private/Http/Client/Client.php b/lib/private/Http/Client/Client.php
index d4dba3e5a44..2e370395132 100644
--- a/lib/private/Http/Client/Client.php
+++ b/lib/private/Http/Client/Client.php
@@ -37,8 +37,11 @@ use GuzzleHttp\Client as GuzzleClient;
 use GuzzleHttp\RequestOptions;
 use OCP\Http\Client\IClient;
 use OCP\Http\Client\IResponse;
+use OCP\Http\Client\LocalServerException;
 use OCP\ICertificateManager;
 use OCP\IConfig;
+use OCP\Security\IRemoteHostValidator;
+use function parse_url;
 
 /**
  * Class Client
@@ -52,19 +55,18 @@ class Client implements IClient {
 	private $config;
 	/** @var ICertificateManager */
 	private $certificateManager;
-	/** @var LocalAddressChecker */
-	private $localAddressChecker;
+	private IRemoteHostValidator $remoteHostValidator;
 
 	public function __construct(
 		IConfig $config,
 		ICertificateManager $certificateManager,
 		GuzzleClient $client,
-		LocalAddressChecker $localAddressChecker
+		IRemoteHostValidator $remoteHostValidator
 	) {
 		$this->config = $config;
 		$this->client = $client;
 		$this->certificateManager = $certificateManager;
-		$this->localAddressChecker = $localAddressChecker;
+		$this->remoteHostValidator = $remoteHostValidator;
 	}
 
 	private function buildRequestOptions(array $options): array {
@@ -181,7 +183,13 @@ class Client implements IClient {
 			return;
 		}
 
-		$this->localAddressChecker->throwIfLocalAddress($uri);
+		$host = parse_url($uri, PHP_URL_HOST);
+		if ($host === false || $host === null) {
+			throw new LocalServerException('Could not detect any host');
+		}
+		if (!$this->remoteHostValidator->isValid($host)) {
+			throw new LocalServerException('Host violates local access rules');
+		}
 	}
 
 	/**