Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: impl httpclient.safeCurl #5339

Merged
merged 3 commits into from
Jul 11, 2024
Merged

feat: impl httpclient.safeCurl #5339

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
914e66a
feat: impl httpclient.safeCurl
killagu Jul 11, 2024
5aa9b67
Update httpclient.js
fengmk2 Jul 11, 2024
4a66aeb
Update httpclient_next.js
fengmk2 Jul 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions lib/core/httpclient.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,17 @@ class HttpClient extends urllib.HttpClient2 {
async curl(...args) {
return await this.request(...args);
}

async safeCurl(url, options = {}) {
const ssrfConfig = this.app.config.security.ssrf;
if (ssrfConfig?.checkAddress) {
options.checkAddress = ssrfConfig.checkAddress;
} else {
this.app.logger.warn('[egg-security] please configure `config.security.ssrf` first');
}

return await this.curl(url, options);
}
}

function normalizeConfig(app) {
Expand Down
16 changes: 16 additions & 0 deletions lib/core/httpclient_next.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
const { HttpClient } = require('urllib-next');
const ms = require('humanize-ms');
const SSRF_HTTPCLIENT = Symbol('SSRF_HTTPCLIENT');

class HttpClientNext extends HttpClient {
constructor(app, options) {
Expand Down Expand Up @@ -33,6 +34,21 @@ class HttpClientNext extends HttpClient {
async curl(...args) {
return await this.request(...args);
}

async safeCurl(url, options = {}) {
if (!this[SSRF_HTTPCLIENT]) {
const ssrfConfig = this.app.config.security.ssrf;
if (ssrfConfig?.checkAddress) {
options.checkAddress = ssrfConfig.checkAddress;
} else {
this.app.logger.warn('[egg-security] please configure `config.security.ssrf` first');
}
this[SSRF_HTTPCLIENT] = new HttpClientNext(this.app, {
checkAddress: ssrfConfig.checkAddress,
});
}
return this[SSRF_HTTPCLIENT].request(url, options);
}
}

function normalizeConfig(app) {
Expand Down
40 changes: 40 additions & 0 deletions test/lib/core/httpclient.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,26 @@ describe('test/lib/core/httpclient.test.js', () => {
});
});

it('should support safeCurl', async () => {
let ip;
let family;
let host;
mm(client.app.config, 'security', {
ssrf: {
checkAddress(aIp, aFamilay, aHost) {
ip = aIp;
family = aFamilay;
host = aHost;
return true;
},
},
});
await client.safeCurl(url);
assert(ip);
assert(family);
assert(host);
});

describe('HttpClientNext', () => {
it('should request ok with log', async () => {
const args = {
Expand Down Expand Up @@ -145,6 +165,26 @@ describe('test/lib/core/httpclient.test.js', () => {
return true;
});
});

it('should support safeCurl', async () => {
let ip;
let family;
let host;
mm(clientNext.app.config, 'security', {
ssrf: {
checkAddress(aIp, aFamilay, aHost) {
ip = aIp;
family = aFamilay;
host = aHost;
return true;
},
},
});
await clientNext.safeCurl(url);
assert(ip);
assert(family);
assert(host);
});
});

describe('httpclient.httpAgent.timeout < 30000', () => {
Expand Down
Loading