Remove long unused UntrustedWebRequest class
This purports to check web requests but doesn't appear to actually do that.0.8.0.3
Justin Clark-Casey (justincc)
parent
5fafea6631
commit
94ad69faf2
|
|
@ -1,230 +0,0 @@
|
|||
/*
|
||||
* Copyright (c) Contributors, http://opensimulator.org/
|
||||
* See CONTRIBUTORS.TXT for a full list of copyright holders.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the name of the OpenSimulator Project nor the
|
||||
* names of its contributors may be used to endorse or promote products
|
||||
* derived from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
|
||||
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
|
||||
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
||||
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Net;
|
||||
using System.Net.Security;
|
||||
using System.Text;
|
||||
using log4net;
|
||||
|
||||
namespace OpenSim.Framework
|
||||
{
|
||||
/// <summary>
|
||||
/// Used for requests to untrusted endpoints that may potentially be
|
||||
/// malicious
|
||||
/// </summary>
|
||||
public static class UntrustedHttpWebRequest
|
||||
{
|
||||
/// <summary>Setting this to true will allow HTTP connections to localhost</summary>
|
||||
private const bool DEBUG = true;
|
||||
|
||||
private static readonly ILog m_log =
|
||||
LogManager.GetLogger(
|
||||
System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
|
||||
|
||||
private static readonly ICollection<string> allowableSchemes = new List<string> { "http", "https" };
|
||||
|
||||
/// <summary>
|
||||
/// Creates an HttpWebRequest that is hardened against malicious
|
||||
/// endpoints after ensuring the given Uri is safe to retrieve
|
||||
/// </summary>
|
||||
/// <param name="uri">Web location to request</param>
|
||||
/// <returns>A hardened HttpWebRequest if the uri was determined to be safe</returns>
|
||||
/// <exception cref="ArgumentNullException">If uri is null</exception>
|
||||
/// <exception cref="ArgumentException">If uri is unsafe</exception>
|
||||
public static HttpWebRequest Create(Uri uri)
|
||||
{
|
||||
return Create(uri, DEBUG, 1000 * 5, 1000 * 20, 10);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Creates an HttpWebRequest that is hardened against malicious
|
||||
/// endpoints after ensuring the given Uri is safe to retrieve
|
||||
/// </summary>
|
||||
/// <param name="uri">Web location to request</param>
|
||||
/// <param name="allowLoopback">True to allow connections to localhost, otherwise false</param>
|
||||
/// <param name="readWriteTimeoutMS">Read write timeout, in milliseconds</param>
|
||||
/// <param name="timeoutMS">Connection timeout, in milliseconds</param>
|
||||
/// <param name="maximumRedirects">Maximum number of allowed redirects</param>
|
||||
/// <returns>A hardened HttpWebRequest if the uri was determined to be safe</returns>
|
||||
/// <exception cref="ArgumentNullException">If uri is null</exception>
|
||||
/// <exception cref="ArgumentException">If uri is unsafe</exception>
|
||||
public static HttpWebRequest Create(Uri uri, bool allowLoopback, int readWriteTimeoutMS, int timeoutMS, int maximumRedirects)
|
||||
{
|
||||
if (uri == null)
|
||||
throw new ArgumentNullException("uri");
|
||||
|
||||
if (!IsUriAllowable(uri, allowLoopback))
|
||||
throw new ArgumentException("Uri " + uri + " was rejected");
|
||||
|
||||
HttpWebRequest httpWebRequest = (HttpWebRequest)HttpWebRequest.Create(uri);
|
||||
httpWebRequest.MaximumAutomaticRedirections = maximumRedirects;
|
||||
httpWebRequest.ReadWriteTimeout = readWriteTimeoutMS;
|
||||
httpWebRequest.Timeout = timeoutMS;
|
||||
httpWebRequest.KeepAlive = false;
|
||||
|
||||
return httpWebRequest;
|
||||
}
|
||||
|
||||
public static string PostToUntrustedUrl(Uri url, string data)
|
||||
{
|
||||
try
|
||||
{
|
||||
byte[] requestData = System.Text.Encoding.UTF8.GetBytes(data);
|
||||
|
||||
HttpWebRequest request = Create(url);
|
||||
request.Method = "POST";
|
||||
request.ContentLength = requestData.Length;
|
||||
request.ContentType = "application/x-www-form-urlencoded";
|
||||
|
||||
using (Stream requestStream = request.GetRequestStream())
|
||||
requestStream.Write(requestData, 0, requestData.Length);
|
||||
|
||||
using (WebResponse response = request.GetResponse())
|
||||
{
|
||||
using (Stream responseStream = response.GetResponseStream())
|
||||
return responseStream.GetStreamString();
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
m_log.Warn("POST to untrusted URL " + url + " failed: " + ex.Message);
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
public static string GetUntrustedUrl(Uri url)
|
||||
{
|
||||
try
|
||||
{
|
||||
HttpWebRequest request = Create(url);
|
||||
|
||||
using (WebResponse response = request.GetResponse())
|
||||
{
|
||||
using (Stream responseStream = response.GetResponseStream())
|
||||
return responseStream.GetStreamString();
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
m_log.Warn("GET from untrusted URL " + url + " failed: " + ex.Message);
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Determines whether a URI is allowed based on scheme and host name.
|
||||
/// No requireSSL check is done here
|
||||
/// </summary>
|
||||
/// <param name="allowLoopback">True to allow loopback addresses to be used</param>
|
||||
/// <param name="uri">The URI to test for whether it should be allowed.</param>
|
||||
/// <returns>
|
||||
/// <c>true</c> if [is URI allowable] [the specified URI]; otherwise, <c>false</c>.
|
||||
/// </returns>
|
||||
private static bool IsUriAllowable(Uri uri, bool allowLoopback)
|
||||
{
|
||||
if (!allowableSchemes.Contains(uri.Scheme))
|
||||
{
|
||||
m_log.WarnFormat("Rejecting URL {0} because it uses a disallowed scheme.", uri);
|
||||
return false;
|
||||
}
|
||||
|
||||
// Try to interpret the hostname as an IP address so we can test for internal
|
||||
// IP address ranges. Note that IP addresses can appear in many forms
|
||||
// (e.g. http://127.0.0.1, http://2130706433, http://0x0100007f, http://::1
|
||||
// So we convert them to a canonical IPAddress instance, and test for all
|
||||
// non-routable IP ranges: 10.*.*.*, 127.*.*.*, ::1
|
||||
// Note that Uri.IsLoopback is very unreliable, not catching many of these variants.
|
||||
IPAddress hostIPAddress;
|
||||
if (IPAddress.TryParse(uri.DnsSafeHost, out hostIPAddress))
|
||||
{
|
||||
byte[] addressBytes = hostIPAddress.GetAddressBytes();
|
||||
|
||||
// The host is actually an IP address.
|
||||
switch (hostIPAddress.AddressFamily)
|
||||
{
|
||||
case System.Net.Sockets.AddressFamily.InterNetwork:
|
||||
if (!allowLoopback && (addressBytes[0] == 127 || addressBytes[0] == 10))
|
||||
{
|
||||
m_log.WarnFormat("Rejecting URL {0} because it is a loopback address.", uri);
|
||||
return false;
|
||||
}
|
||||
break;
|
||||
case System.Net.Sockets.AddressFamily.InterNetworkV6:
|
||||
if (!allowLoopback && IsIPv6Loopback(hostIPAddress))
|
||||
{
|
||||
m_log.WarnFormat("Rejecting URL {0} because it is a loopback address.", uri);
|
||||
return false;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
m_log.WarnFormat("Rejecting URL {0} because it does not use an IPv4 or IPv6 address.", uri);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// The host is given by name. We require names to contain periods to
|
||||
// help make sure it's not an internal address.
|
||||
if (!allowLoopback && !uri.Host.Contains("."))
|
||||
{
|
||||
m_log.WarnFormat("Rejecting URL {0} because it does not contain a period in the host name.", uri);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Determines whether an IP address is the IPv6 equivalent of "localhost/127.0.0.1".
|
||||
/// </summary>
|
||||
/// <param name="ip">The ip address to check.</param>
|
||||
/// <returns>
|
||||
/// <c>true</c> if this is a loopback IP address; <c>false</c> otherwise.
|
||||
/// </returns>
|
||||
private static bool IsIPv6Loopback(IPAddress ip)
|
||||
{
|
||||
if (ip == null)
|
||||
throw new ArgumentNullException("ip");
|
||||
|
||||
byte[] addressBytes = ip.GetAddressBytes();
|
||||
for (int i = 0; i < addressBytes.Length - 1; i++)
|
||||
{
|
||||
if (addressBytes[i] != 0)
|
||||
return false;
|
||||
}
|
||||
|
||||
if (addressBytes[addressBytes.Length - 1] != 1)
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue