From 914e66a463b667a83306584af4d6568103c78dd2 Mon Sep 17 00:00:00 2001
From: killagu
Date: Thu, 11 Jul 2024 22:08:54 +0800
Subject: [PATCH 1/3] feat: impl httpclient.safeCurl
---
 lib/core/httpclient.js | 11 +++++++++
 lib/core/httpclient_next.js | 16 +++++++++++++
 test/lib/core/httpclient.test.js | 40 ++++++++++++++++++++++++++++++++
 3 files changed, 67 insertions(+)
diff --git a/lib/core/httpclient.js b/lib/core/httpclient.js
index a270a8c026..10a54b9afb 100644
--- a/lib/core/httpclient.js
+++ b/lib/core/httpclient.js
@@ -44,6 +44,17 @@ class HttpClient extends urllib.HttpClient2 {
 async curl(...args) {
 return await this.request(...args);
 }
+
+ async safeCurl(url, options = {}) {
+ const ssrfConfig = this.app.config.security.ssrf;
+ if (ssrfConfig?.checkAddress) {
+ options.checkAddress = ssrfConfig.checkAddress;
+ } else {
+ this.app.logger.warn('[egg-security] please configure `config.security.ssrf` first');
+ }
+
+ return this.curl(url, options);
+ }
 }
 function normalizeConfig(app) {
diff --git a/lib/core/httpclient_next.js b/lib/core/httpclient_next.js
index 1a18e6ce23..8f75b4ad2d 100644
--- a/lib/core/httpclient_next.js
+++ b/lib/core/httpclient_next.js
@@ -1,5 +1,6 @@
 const { HttpClient } = require('urllib-next');
 const ms = require('humanize-ms');
+const SSRF_HTTPCLIENT = Symbol('SSRF_HTTPCLIENT');
 class HttpClientNext extends HttpClient {
 constructor(app, options) {
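Review bot: `HttpClient#safeCurl` in lib/core/httpclient.js fails open: when `config.security.ssrf.checkAddress` is not set, the `else` branch only logs a warning and the request still goes out through `this.curl` with no address check, so a caller who chose `safeCurl` for SSRF protection silently gets none. Consider rejecting in that branch, e.g. `throw new Error('[egg-security] config.security.ssrf.checkAddress is required by safeCurl');`, or at minimum document the fallback in a JSDoc comment on the method. In the same method, `this.app.config.security.ssrf` throws a TypeError if `config.security` itself is absent (the hunk does not show whether it is always defined), and `options.checkAddress = …` mutates the caller's object; `return this.curl(url, { ...options, checkAddress: ssrfConfig.checkAddress });` avoids the mutation. The method is complete in this hunk, but the enclosing class starts outside it.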
@@ -33,6 +34,21 @@ class HttpClientNext extends HttpClient {
 async curl(...args) {
 return await this.request(...args);
 }
+
+ async safeCurl(url, options = {}) {
+ if (!this[SSRF_HTTPCLIENT]) {
+ const ssrfConfig = this.app.config.security.ssrf;
+ if (ssrfConfig?.checkAddress) {
+ options.checkAddress = ssrfConfig.checkAddress;
+ } else {
+ this.app.logger.warn('[egg-security] please configure `config.security.ssrf` first');
+ }
+ this[SSRF_HTTPCLIENT] = new HttpClientNext(this.app, {
+ checkAddress: ssrfConfig.checkAddress,
+ });
+ }
+ return this[SSRF_HTTPCLIENT].request(url, options);
+ }
 }
 function normalizeConfig(app) {
diff --git a/test/lib/core/httpclient.test.js b/test/lib/core/httpclient.test.js
index a98daf7390..e0b26b0da3 100644
--- a/test/lib/core/httpclient.test.js
+++ b/test/lib/core/httpclient.test.js
@@ -98,6 +98,26 @@ describe('test/lib/core/httpclient.test.js', () => {
 });
 });
+ it('should support safeCurl', async () => {
+ let ip;
+ let family;
+ let host;
+ mm(client.app.config, 'security', {
+ ssrf: {
+ checkAddress(aIp, aFamilay, aHost) {
+ ip = aIp;
+ family = aFamilay;
+ host = aHost;
+ return true;
+ },
+ },
+ });
+ await client.safeCurl(url);
+ assert(ip);
+ assert(family);
+ assert(host);
+ });
+
 describe('HttpClientNext', () => {
 it('should request ok with log', async () => {
 const args = {
@@ -145,6 +165,26 @@ describe('test/lib/core/httpclient.test.js', () => {
 return true;
 });
 });
+
+ it('should support safeCurl', async () => {
+ let ip;
+ let family;
+ let host;
+ mm(clientNext.app.config, 'security', {
+ ssrf: {
+ checkAddress(aIp, aFamilay, aHost) {
+ ip = aIp;
+ family = aFamilay;
+ host = aHost;
+ return true;
+ },
+ },
+ });
+ await clientNext.safeCurl(url);
+ assert(ip);
+ assert(family);
+ assert(host);
+ });
 });
 describe('httpclient.httpAgent.timeout < 30000', () => {
From 5aa9b67b9ebc1de779c91adfdd61f89ff56fcad8 Mon Sep 17 00:00:00 2001
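Review bot: In `HttpClientNext#safeCurl`, `checkAddress: ssrfConfig.checkAddress` dereferences `ssrfConfig` without optional chaining, so when `config.security.ssrf` is undefined the first call logs the warning and then throws a TypeError. Writing `checkAddress: ssrfConfig?.checkAddress,` avoids the crash; the later [PATCH 3/3] hunk leaves this line unchanged. Separately, the client is cached on `this[SSRF_HTTPCLIENT]` at first use, so if `ssrf` exists but has no `checkAddress`, an unchecked client is cached, the warning is logged once, and every later `safeCurl` call goes out unprotected with no further signal. It would be safer to throw, or at least not to cache, when no `checkAddress` is configured. The cached client is built from `{ checkAddress }` alone and the constructor is outside this hunk, so it is worth confirming that the app's other httpclient settings still apply to it.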
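Review bot: The new `should support safeCurl` test in the `@@ -98,6 +98,26 @@` hunk covers only the allow path: the stubbed `checkAddress` always returns `true`, so nothing verifies that a request is actually refused when it returns `false`, nor what `safeCurl` does when `config.security.ssrf` is unset. Add a case that stubs `checkAddress() { return false; }` and asserts the call rejects, e.g. `await assert.rejects(client.safeCurl(url));`, plus one for the unconfigured path. The same gap applies to the `clientNext` test in the `@@ -145,6 +165,26 @@` hunk. The parameter name `aFamilay` is a typo for `aFamily` in both tests. The enclosing `describe` blocks start and end outside these hunks.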
From: fengmk2
Date: Fri, 12 Jul 2024 00:10:28 +0800
Subject: [PATCH 2/3] Update httpclient.js
---
 lib/core/httpclient.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/core/httpclient.js b/lib/core/httpclient.js
index 10a54b9afb..97b167b0e0 100644
--- a/lib/core/httpclient.js
+++ b/lib/core/httpclient.js
@@ -53,7 +53,7 @@ class HttpClient extends urllib.HttpClient2 {
 this.app.logger.warn('[egg-security] please configure `config.security.ssrf` first');
 }
- return this.curl(url, options);
+ return await this.curl(url, options);
 }
 }
From 4a66aebb924266007d3071df29d53304c59e9d97 Mon Sep 17 00:00:00 2001
From: fengmk2
Date: Fri, 12 Jul 2024 00:11:34 +0800
Subject: [PATCH 3/3] Update httpclient_next.js
---
 lib/core/httpclient_next.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/core/httpclient_next.js b/lib/core/httpclient_next.js
index 8f75b4ad2d..7d0fc4afea 100644
--- a/lib/core/httpclient_next.js
+++ b/lib/core/httpclient_next.js
@@ -47,7 +47,7 @@ class HttpClientNext extends HttpClient {
 checkAddress: ssrfConfig.checkAddress,
 });
 }
- return this[SSRF_HTTPCLIENT].request(url, options);
+ return await this[SSRF_HTTPCLIENT].request(url, options);
 }
 }