summaryrefslogtreecommitdiffstatsabout
diff options
context:
space:
mode:
authorMatthias Sohn2013-05-16 17:42:42 (EDT)
committer skaegi2013-05-16 21:30:17 (EDT)
commit18d0b50394f17e1d8556194a82cdf262c38a3412 (patch)
tree10bd463ac34ac2234ad6c3ecfedbe3b02f5689b9
parent0f739ca3fddefee79c332e62b43c428e2e2624ca (diff)
downloadorg.eclipse.orion.server-18d0b50394f17e1d8556194a82cdf262c38a3412.zip
org.eclipse.orion.server-18d0b50394f17e1d8556194a82cdf262c38a3412.tar.gz
org.eclipse.orion.server-18d0b50394f17e1d8556194a82cdf262c38a3412.tar.bz2
Bug 408270 - only allow whitelisted URI schemesv20130517-0130
Prevent that users can use a URI scheme which would potentially allow to gain access to git repositories located in another user's workspace. Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
-rw-r--r--bundles/org.eclipse.orion.server.git/src/org/eclipse/orion/server/git/servlets/GitCloneHandlerV1.java15
-rw-r--r--bundles/org.eclipse.orion.server.git/src/org/eclipse/orion/server/git/servlets/GitRemoteHandlerV1.java15
-rw-r--r--bundles/org.eclipse.orion.server.git/src/org/eclipse/orion/server/git/servlets/GitUtils.java21
-rw-r--r--tests/org.eclipse.orion.server.tests/src/org/eclipse/orion/server/tests/servlets/git/GitCloneTest.java16
4 files changed, 54 insertions, 13 deletions
diff --git a/bundles/org.eclipse.orion.server.git/src/org/eclipse/orion/server/git/servlets/GitCloneHandlerV1.java b/bundles/org.eclipse.orion.server.git/src/org/eclipse/orion/server/git/servlets/GitCloneHandlerV1.java
index 15f6156..caa8bcb 100644
--- a/bundles/org.eclipse.orion.server.git/src/org/eclipse/orion/server/git/servlets/GitCloneHandlerV1.java
+++ b/bundles/org.eclipse.orion.server.git/src/org/eclipse/orion/server/git/servlets/GitCloneHandlerV1.java
@@ -4,7 +4,7 @@
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
- *
+ *
* Contributors:
* IBM Corporation - initial API and implementation
*******************************************************************************/
@@ -91,7 +91,7 @@ public class GitCloneHandlerV1 extends ServletResourceHandler<String> {
Clone clone = new Clone();
String url = toAdd.optString(GitConstants.KEY_URL, null);
// method handles repository clone or just repository init
- // decision is based on existence of GitUrl argument
+ // decision is based on existence of GitUrl argument
boolean initOnly;
if (url == null || url.isEmpty())
initOnly = true;
@@ -430,9 +430,9 @@ public class GitCloneHandlerV1 extends ServletResourceHandler<String> {
/**
* Looks for the project in all workspaces of the user and removes it when found.
- *
+ *
* @see WorkspaceResourceHandler#handleRemoveProject(HttpServletRequest, HttpServletResponse, WorkspaceInfo)
- *
+ *
* @param userId the user name
* @param project the project to remove
* @return ServerStatus <code>OK</code> if the project has been found and successfully removed,
@@ -482,7 +482,12 @@ public class GitCloneHandlerV1 extends ServletResourceHandler<String> {
return false;
}
try {
- new URIish(url);
+ URIish uri = new URIish(url);
+ String scheme = uri.getScheme();
+ if (GitUtils.isForbiddenUriSchem(scheme)) {
+ statusHandler.handleRequest(request, response, new ServerStatus(IStatus.ERROR, HttpServletResponse.SC_BAD_REQUEST, NLS.bind("Clone URL {0} cannot use prohibited scheme {1}", uri, scheme), null)); //$NON-NLS-1$
+ return false;
+ }
} catch (URISyntaxException e) {
statusHandler.handleRequest(request, response, new ServerStatus(IStatus.ERROR, HttpServletResponse.SC_BAD_REQUEST, NLS.bind("Invalid clone URL: {0}", url), e)); //$NON-NLS-1$
return false;
diff --git a/bundles/org.eclipse.orion.server.git/src/org/eclipse/orion/server/git/servlets/GitRemoteHandlerV1.java b/bundles/org.eclipse.orion.server.git/src/org/eclipse/orion/server/git/servlets/GitRemoteHandlerV1.java
index 1106485..beb5717 100644
--- a/bundles/org.eclipse.orion.server.git/src/org/eclipse/orion/server/git/servlets/GitRemoteHandlerV1.java
+++ b/bundles/org.eclipse.orion.server.git/src/org/eclipse/orion/server/git/servlets/GitRemoteHandlerV1.java
@@ -4,7 +4,7 @@
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
- *
+ *
* Contributors:
* IBM Corporation - initial API and implementation
*******************************************************************************/
@@ -172,6 +172,19 @@ public class GitRemoteHandlerV1 extends ServletResourceHandler<String> {
if (remoteURI == null || remoteURI.isEmpty()) {
return statusHandler.handleRequest(request, response, new ServerStatus(IStatus.ERROR, HttpServletResponse.SC_BAD_REQUEST, "Remote URI must be provided", null));
}
+
+ try {
+ URIish uri = new URIish(remoteURI);
+ String scheme = uri.getScheme();
+ if (GitUtils.isForbiddenUriSchem(scheme)) {
+ statusHandler.handleRequest(request, response, new ServerStatus(IStatus.ERROR, HttpServletResponse.SC_BAD_REQUEST, NLS.bind("Remote URI {0} cannot use prohibited scheme {1}", remoteURI, scheme), null)); //$NON-NLS-1$
+ return false;
+ }
+ } catch (URISyntaxException e) {
+ statusHandler.handleRequest(request, response, new ServerStatus(IStatus.ERROR, HttpServletResponse.SC_BAD_REQUEST, NLS.bind("Invalid remote URI: {0}", remoteURI), e)); //$NON-NLS-1$
+ return false;
+ }
+
String fetchRefSpec = toPut.optString(GitConstants.KEY_REMOTE_FETCH_REF, null);
String remotePushURI = toPut.optString(GitConstants.KEY_REMOTE_PUSH_URI, null);
String pushRefSpec = toPut.optString(GitConstants.KEY_REMOTE_PUSH_REF, null);
diff --git a/bundles/org.eclipse.orion.server.git/src/org/eclipse/orion/server/git/servlets/GitUtils.java b/bundles/org.eclipse.orion.server.git/src/org/eclipse/orion/server/git/servlets/GitUtils.java
index 612a53b..8f2e434 100644
--- a/bundles/org.eclipse.orion.server.git/src/org/eclipse/orion/server/git/servlets/GitUtils.java
+++ b/bundles/org.eclipse.orion.server.git/src/org/eclipse/orion/server/git/servlets/GitUtils.java
@@ -4,7 +4,7 @@
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
- *
+ *
* Contributors:
* IBM Corporation - initial API and implementation
*******************************************************************************/
@@ -35,8 +35,15 @@ public class GitUtils {
GO_UP, GO_DOWN, CURRENT
}
+ /*
+ * White list for URL schemes we can allow since they can't be used to gain access to git repositories
+ * in another Orion workspace since they require a daemon to serve them. Especially file protocol needs
+ * to be prohibited (bug 408270).
+ */
+ private static Set<String> uriSchemeWhitelist = new HashSet<String>(Arrays.asList("ftp", "git", "http", "https", "sftp", "ssh"));
+
/**
- * Returns the file representing the Git repository directory for the given
+ * Returns the file representing the Git repository directory for the given
* file path or any of its parent in the filesystem. If the file doesn't exits,
* is not a Git repository or an error occurred while transforming the given
* path into a store <code>null</code> is returned.
@@ -73,7 +80,7 @@ public class GitUtils {
/**
* Returns the existing git repositories for the given file path, following
* the given traversal rule.
- *
+ *
* @param path expected format /file/{Workspace}/{projectName}[/{path}]
* @return a map of all git repositories found, or <code>null</code>
* if the provided path format doesn't match the expected format.
@@ -209,7 +216,7 @@ public class GitUtils {
}
/**
- * Returns the existing WebProject corresponding to the provided path,
+ * Returns the existing WebProject corresponding to the provided path,
* or <code>null</code> if no such project exists.
* @param path path in the form /file/{workspaceId}/{projectName}/[filePath]
* @return the web project, or <code>null</code>
@@ -229,11 +236,15 @@ public class GitUtils {
/**
* Returns the HTTP path for the content resource of the given project.
* @param workspace The web workspace
- * @param project The web project
+ * @param project The web project
* @return the HTTP path of the project content resource
*/
public static IPath pathFromProject(WorkspaceInfo workspace, ProjectInfo project) {
return new Path(org.eclipse.orion.internal.server.servlets.Activator.LOCATION_FILE_SERVLET).append(workspace.getUniqueId()).append(project.getFullName());
}
+
+ public static boolean isForbiddenUriSchem(String scheme) {
+ return !uriSchemeWhitelist.contains(scheme);
+ }
}
diff --git a/tests/org.eclipse.orion.server.tests/src/org/eclipse/orion/server/tests/servlets/git/GitCloneTest.java b/tests/org.eclipse.orion.server.tests/src/org/eclipse/orion/server/tests/servlets/git/GitCloneTest.java
index 3b9be3d..17e8adc 100644
--- a/tests/org.eclipse.orion.server.tests/src/org/eclipse/orion/server/tests/servlets/git/GitCloneTest.java
+++ b/tests/org.eclipse.orion.server.tests/src/org/eclipse/orion/server/tests/servlets/git/GitCloneTest.java
@@ -4,7 +4,7 @@
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
- *
+ *
* Contributors:
* IBM Corporation - initial API and implementation
*******************************************************************************/
@@ -265,6 +265,18 @@ public class GitCloneTest extends GitTest {
}
@Test
+ public void testCloneBadUrlScheme() throws Exception {
+ URI workspaceLocation = createWorkspace(getMethodName());
+ String workspaceId = workspaceIdFromLocation(workspaceLocation);
+ JSONObject project = createProjectOrLink(workspaceLocation, getMethodName(), null);
+ IPath clonePath = getClonePath(workspaceId, project);
+
+ WebRequest request = new PostGitCloneRequest().setURIish("file:///path/to/other/users.git").setFilePath(clonePath).getWebRequest();
+ WebResponse response = webConversation.getResponse(request);
+ assertEquals(HttpURLConnection.HTTP_BAD_REQUEST, response.getResponseCode());
+ }
+
+ @Test
public void testCloneMissingUserInfo() throws Exception {
URI workspaceLocation = createWorkspace(getMethodName());
String workspaceId = workspaceIdFromLocation(workspaceLocation);
@@ -791,7 +803,7 @@ public class GitCloneTest extends GitTest {
/**
* Get list of clones for the given workspace or path. When <code>path</code> is
* not <code>null</code> the result is narrowed to clones under the <code>path</code>.
- *
+ *
* @param workspaceId the workspace ID. Must be null if path is provided.
* @param path path under the workspace starting with project ID. Must be null if workspaceId is provided.
* @return the request