authorMickael Istria2021-10-05 15:35:18 +0000
committerMickael Istria2021-10-06 12:29:06 +0000
commit6dde74440392ceaedef52216f3c4483b607699bf (patch)
treed2e7f4bc0e3e4d6e0c9dc281b4a4c71bdf60ad47
parentde26c6fb23d6861afde0c0026d6f8ddec2bb421c (diff)
Bug 576428 - Log warning repo uses unsafe (eg http) protocolI20211007-0350I20211006-1800
Change-Id: Ibbdd4e8e3905458c2414c8250ce7f473c7a185c7 Reviewed-on: https://git.eclipse.org/r/c/equinox/rt.equinox.p2/+/186159 Tested-by: Equinox Bot <equinox-bot@eclipse.org> Reviewed-by: Mickael Istria <mistria@redhat.com>
-rw-r--r--bundles/org.eclipse.equinox.p2.repository/META-INF/MANIFEST.MF2
-rw-r--r--bundles/org.eclipse.equinox.p2.repository/pom.xml2
-rw-r--r--bundles/org.eclipse.equinox.p2.repository/src/org/eclipse/equinox/internal/p2/repository/CacheManager.java21
-rw-r--r--bundles/org.eclipse.equinox.p2.repository/src/org/eclipse/equinox/internal/p2/repository/Messages.java3
-rw-r--r--bundles/org.eclipse.equinox.p2.repository/src/org/eclipse/equinox/internal/p2/repository/messages.properties1
5 files changed, 19 insertions, 10 deletions
diff --git a/bundles/org.eclipse.equinox.p2.repository/META-INF/MANIFEST.MF b/bundles/org.eclipse.equinox.p2.repository/META-INF/MANIFEST.MF
index 173ef5315..ce71e8628 100644
--- a/bundles/org.eclipse.equinox.p2.repository/META-INF/MANIFEST.MF
+++ b/bundles/org.eclipse.equinox.p2.repository/META-INF/MANIFEST.MF
@@ -2,7 +2,7 @@ Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-Name: %pluginName
Bundle-SymbolicName: org.eclipse.equinox.p2.repository;singleton:=true
-Bundle-Version: 2.5.200.qualifier
+Bundle-Version: 2.5.300.qualifier
Bundle-Activator: org.eclipse.equinox.internal.p2.repository.Activator
Bundle-Vendor: %providerName
Bundle-Localization: plugin
diff --git a/bundles/org.eclipse.equinox.p2.repository/pom.xml b/bundles/org.eclipse.equinox.p2.repository/pom.xml
index c3d2e5597..bc860f788 100644
--- a/bundles/org.eclipse.equinox.p2.repository/pom.xml
+++ b/bundles/org.eclipse.equinox.p2.repository/pom.xml
@@ -9,6 +9,6 @@
</parent>
<groupId>org.eclipse.equinox</groupId>
<artifactId>org.eclipse.equinox.p2.repository</artifactId>
- <version>2.5.200-SNAPSHOT</version>
+ <version>2.5.300-SNAPSHOT</version>
<packaging>eclipse-plugin</packaging>
</project>
diff --git a/bundles/org.eclipse.equinox.p2.repository/src/org/eclipse/equinox/internal/p2/repository/CacheManager.java b/bundles/org.eclipse.equinox.p2.repository/src/org/eclipse/equinox/internal/p2/repository/CacheManager.java
index 5b5b1cfe6..aeda92105 100644
--- a/bundles/org.eclipse.equinox.p2.repository/src/org/eclipse/equinox/internal/p2/repository/CacheManager.java
+++ b/bundles/org.eclipse.equinox.p2.repository/src/org/eclipse/equinox/internal/p2/repository/CacheManager.java
@@ -33,7 +33,7 @@ import org.eclipse.osgi.util.NLS;
/**
* A class to manage metadata cache files. Creating the cache files will place
* the file in the AgentData location in a cache directory.
- *
+ *
* Using the bus listeners will allow the manager to listen for repository
* events. When a repository is removed, it will remove the cache file if one
* was created for the repository.
@@ -95,6 +95,7 @@ public class CacheManager {
if (!isURL(remoteFile)) {
throw new ProvisionException(new Status(IStatus.ERROR, Activator.ID, ProvisionException.REPOSITORY_NOT_FOUND, NLS.bind(Messages.CacheManager_CannotLoadNonUrlLocation, remoteFile), null));
}
+ checkLocationIsSecure(remoteFile);
SubMonitor submonitor = SubMonitor.convert(monitor, 1000);
try {
@@ -145,13 +146,13 @@ public class CacheManager {
/**
* Returns a local cache file with the contents of the given remote location,
* or <code>null</code> if a local cache could not be created.
- *
+ *
* @param repositoryLocation The remote location to be cached
* @param prefix The prefix to use when creating the cache file
* @param monitor a progress monitor
* @return A {@link File} object pointing to the cache file or <code>null</code>
* if the location is not a repository.
- * @throws FileNotFoundException if neither jar nor xml index file exists at given location
+ * @throws FileNotFoundException if neither jar nor xml index file exists at given location
* @throws AuthenticationFailedException if jar not available and xml causes authentication fail
* @throws IOException on general IO errors
* @throws ProvisionException on any error (e.g. user cancellation, unknown host, malformed address, connection refused, etc.)
@@ -161,7 +162,7 @@ public class CacheManager {
if (!isURL(repositoryLocation)) {
throw new ProvisionException(new Status(IStatus.ERROR, Activator.ID, ProvisionException.REPOSITORY_NOT_FOUND, NLS.bind(Messages.CacheManager_CannotLoadNonUrlLocation, repositoryLocation), null));
}
-
+ checkLocationIsSecure(repositoryLocation);
SubMonitor submonitor = SubMonitor.convert(monitor, 1000);
try {
knownPrefixes.add(prefix);
@@ -170,7 +171,7 @@ public class CacheManager {
URI xmlLocation = URIUtil.append(repositoryLocation, prefix + XML_EXTENSION);
int hashCode = computeHash(repositoryLocation);
- // Knowing if cache is stale is complicated by the fact that a jar could have been
+ // Knowing if cache is stale is complicated by the fact that a jar could have been
// produced after an xml index (and vice versa), and by the need to capture any
// errors, as these needs to be reported to the user as something meaningful - instead of
// just a general "can't read repository".
@@ -228,7 +229,7 @@ public class CacheManager {
// when checking for the jar may not be correct).
try {
lastModifiedRemote = getLastModified(xmlLocation, submonitor.newChild(1));
- // if lastModifiedRemote is 0 - something is wrong in the communication stack, as
+ // if lastModifiedRemote is 0 - something is wrong in the communication stack, as
// a FileNotFound exception should have been thrown.
// bug 269588 - server may return 0 when file exists - site is not correctly configured
if (lastModifiedRemote <= 0)
@@ -268,6 +269,12 @@ public class CacheManager {
}
}
+ private void checkLocationIsSecure(URI repositoryLocation) {
+ if ("http".equals(repositoryLocation.getScheme())) { //$NON-NLS-1$
+ LogHelper.log(new Status(IStatus.WARNING, Activator.ID, NLS.bind(Messages.unsafeHttp, repositoryLocation)));
+ }
+ }
+
private long getLastModified(URI location, IProgressMonitor monitor) throws AuthenticationFailedException, FileNotFoundException, CoreException {
CoreException exception = null;
long lastModifiedRemote = -1L;
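Review bot: The scheme test in checkLocationIsSecure is case-sensitive, so a location written as `HTTP://…` skips the warning even though URI schemes are case-insensitive per RFC 3986 and java.net.URI preserves the case it was given; compare with `if ("http".equalsIgnoreCase(repositoryLocation.getScheme())) { //$NON-NLS-1$` (the null scheme of a relative URI is still rejected either way). The method also lacks Javadoc, and its name promises more than it does — it only flags the http scheme and only logs, it never fails the load; a header such as `/** Logs a warning, without failing, when the repository location uses cleartext http; other schemes are not examined. */` would make that explicit. Since both createCache and createCacheFromFile now call it (hunks at @@ -95 and @@ -161), the same warning is presumably emitted on every cache lookup of the same repository, which may be noisy in the log; remembering already-warned locations is worth considering. getLastModified, whose signature ends this hunk, continues outside it.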
@@ -405,7 +412,7 @@ public class CacheManager {
if (!downloadDir.exists())
downloadDir.mkdir();
File tempFile = new File(downloadDir, cacheFile.getName());
- // Ensure that the file from a previous download attempt is removed
+ // Ensure that the file from a previous download attempt is removed
if (tempFile.exists())
safeDelete(tempFile);
diff --git a/bundles/org.eclipse.equinox.p2.repository/src/org/eclipse/equinox/internal/p2/repository/Messages.java b/bundles/org.eclipse.equinox.p2.repository/src/org/eclipse/equinox/internal/p2/repository/Messages.java
index cd508f561..cd53a09b0 100644
--- a/bundles/org.eclipse.equinox.p2.repository/src/org/eclipse/equinox/internal/p2/repository/Messages.java
+++ b/bundles/org.eclipse.equinox.p2.repository/src/org/eclipse/equinox/internal/p2/repository/Messages.java
@@ -7,7 +7,7 @@
* https://www.eclipse.org/legal/epl-2.0/
*
* SPDX-License-Identifier: EPL-2.0
- *
+ *
* Contributors:
* IBM Corporation - initial API and implementation
* Cloudsmith Inc - additional messages
@@ -89,6 +89,7 @@ public class Messages extends NLS {
public static String UnableToRead_0_UserCanceled;
public static String RepositoryTransport_failedReadRepo;
+ public static String unsafeHttp;
static {
// initialize resource bundles
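Review bot: The new field `unsafeHttp` does not follow the naming used by the other messages this class exposes for CacheManager, which carry the source-class prefix (`CacheManager_CannotLoadNonUrlLocation` is referenced in the CacheManager hunk, and the neighbouring `RepositoryTransport_failedReadRepo` follows the same pattern); `public static String CacheManager_unsafeHttp;` would keep the convention and show where the message is consumed. Renaming it requires the same key change in messages.properties and in the `Messages.unsafeHttp` reference inside CacheManager.checkLocationIsSecure.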
diff --git a/bundles/org.eclipse.equinox.p2.repository/src/org/eclipse/equinox/internal/p2/repository/messages.properties b/bundles/org.eclipse.equinox.p2.repository/src/org/eclipse/equinox/internal/p2/repository/messages.properties
index 8c920be73..a2b8daa56 100644
--- a/bundles/org.eclipse.equinox.p2.repository/src/org/eclipse/equinox/internal/p2/repository/messages.properties
+++ b/bundles/org.eclipse.equinox.p2.repository/src/org/eclipse/equinox/internal/p2/repository/messages.properties
@@ -80,3 +80,4 @@ connection_to_0_failed_on_1_retry_attempt_2=Connection to {0} failed on {1}. Ret
UnableToRead_0_TooManyAttempts=Unable to read repository at: {0}. Too many failed login attempts.
UnableToRead_0_UserCanceled=Unable to read repository at: {0}. Login canceled by user.
RepositoryTransport_failedReadRepo=Error while reading from repository: {0}.
+unsafeHttp=Using unsafe http transport to retrieve {0}, see CVE-2021-41033. Consider using https instead. \ No newline at end of file
