authorPatrick Steinhardt <psteinhardt@gitlab.com>2023-05-04 09:35:21 +0300
committerPatrick Steinhardt <psteinhardt@gitlab.com>2023-05-04 09:40:54 +0300
commit683ad3dfa5bdd206ee00cf48c6c1703cba906997 (patch)
tree3eda0846e60c46e435ed681e1279eca781254192
parent6fd80aade3214bad3bb74b8875a94a6b1ee6aec6 (diff)
proto: Drop deprecated `http_host` field in UpdateRemoteMirror RPC
The `http_host` field was added in order to avoid DNS rebinding attacks. Callers would send us both the pre-resolved URL and the hostname so that we would directly connect to the pre-resolved address, but still be able to set the HTTP `Host` header as expected. This approach was replaced by the new `resolved_address` field, where Gitaly receives the un-resolved URL and resolved IP address so that it can perform the mapping internally. We have thus deprecated the `http_host` field via cbdc529000 (proto: Deprecate `http_host` field, 2022-09-30). Remove the field for the UpdateRemoteMirror RPC. Changelog: removed
-rw-r--r--internal/gitaly/service/remote/update_remote_mirror.go7
-rw-r--r--proto/go/gitalypb/remote.pb.go28
-rw-r--r--proto/remote.proto9
3 files changed, 10 insertions, 34 deletions
diff --git a/internal/gitaly/service/remote/update_remote_mirror.go b/internal/gitaly/service/remote/update_remote_mirror.go
index 53ba17322..da1e8565e 100644
--- a/internal/gitaly/service/remote/update_remote_mirror.go
+++ b/internal/gitaly/service/remote/update_remote_mirror.go
@@ -95,13 +95,6 @@ func (s *server) updateRemoteMirror(stream gitalypb.RemoteService_UpdateRemoteMi
Value: "Authorization: " + authHeader,
})
}
- //nolint:staticcheck
- if host := remote.GetHttpHost(); host != "" {
- remoteConfig = append(remoteConfig, git.ConfigPair{
- Key: fmt.Sprintf("http.%s.extraHeader", remote.GetUrl()),
- Value: "Host: " + host,
- })
- }
sshCommand, clean, err := git.BuildSSHInvocation(ctx, firstRequest.GetSshKey(), firstRequest.GetKnownHosts())
if err != nil {
diff --git a/proto/go/gitalypb/remote.pb.go b/proto/go/gitalypb/remote.pb.go
index 10d95dd97..9b9491da3 100644
--- a/proto/go/gitalypb/remote.pb.go
+++ b/proto/go/gitalypb/remote.pb.go
@@ -429,13 +429,6 @@ type UpdateRemoteMirrorRequest_Remote struct {
// HTTPAuthorizationHeader is an optional HTTP header used for
// authenticating against the remote repository.
HttpAuthorizationHeader string `protobuf:"bytes,2,opt,name=http_authorization_header,json=httpAuthorizationHeader,proto3" json:"http_authorization_header,omitempty"`
- // HttpHost is the hostname of the remote repository. Use this when the
- // URL hostname has already been resolved to an IP address to prevent DNS
- // rebinding. This is deprecated as we will be using resolved_address
- // going forward.
- //
- // Deprecated: Marked as deprecated in remote.proto.
- HttpHost string `protobuf:"bytes,3,opt,name=http_host,json=httpHost,proto3" json:"http_host,omitempty"`
// ResolvedAddress holds the resolved IP address of the remote_url. This is
// used to avoid DNS rebinding by mapping the url to the resolved address.
// Only IPv4 dotted decimal ("192.0.2.1"), IPv6 ("2001:db8::68"), or IPv4-mapped
@@ -491,14 +484,6 @@ func (x *UpdateRemoteMirrorRequest_Remote) GetHttpAuthorizationHeader() string {
return ""
}
-// Deprecated: Marked as deprecated in remote.proto.
-func (x *UpdateRemoteMirrorRequest_Remote) GetHttpHost() string {
- if x != nil {
- return x.HttpHost
- }
- return ""
-}
-
func (x *UpdateRemoteMirrorRequest_Remote) GetResolvedAddress() string {
if x != nil {
return x.ResolvedAddress
@@ -512,7 +497,7 @@ var file_remote_proto_rawDesc = []byte{
0x0a, 0x0c, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x06,
0x67, 0x69, 0x74, 0x61, 0x6c, 0x79, 0x1a, 0x0a, 0x6c, 0x69, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f,
0x74, 0x6f, 0x1a, 0x0c, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
- 0x22, 0xec, 0x03, 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x6d, 0x6f, 0x74,
+ 0x22, 0xdc, 0x03, 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x6d, 0x6f, 0x74,
0x65, 0x4d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x38,
0x0a, 0x0a, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x18, 0x01, 0x20, 0x01,
0x28, 0x0b, 0x32, 0x12, 0x2e, 0x67, 0x69, 0x74, 0x61, 0x6c, 0x79, 0x2e, 0x52, 0x65, 0x70, 0x6f,
@@ -531,17 +516,16 @@ var file_remote_proto_rawDesc = []byte{
0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x48, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x2e, 0x0a, 0x13, 0x6b, 0x65,
0x65, 0x70, 0x5f, 0x64, 0x69, 0x76, 0x65, 0x72, 0x67, 0x65, 0x6e, 0x74, 0x5f, 0x72, 0x65, 0x66,
0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x6b, 0x65, 0x65, 0x70, 0x44, 0x69, 0x76,
- 0x65, 0x72, 0x67, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x73, 0x1a, 0xa2, 0x01, 0x0a, 0x06, 0x52,
+ 0x65, 0x72, 0x67, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x73, 0x1a, 0x92, 0x01, 0x0a, 0x06, 0x52,
0x65, 0x6d, 0x6f, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01,
0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x3a, 0x0a, 0x19, 0x68, 0x74, 0x74, 0x70, 0x5f,
0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x68, 0x65,
0x61, 0x64, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x17, 0x68, 0x74, 0x74, 0x70,
0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x65, 0x61,
- 0x64, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x09, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x68, 0x6f, 0x73, 0x74,
- 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x08, 0x68, 0x74, 0x74, 0x70,
- 0x48, 0x6f, 0x73, 0x74, 0x12, 0x29, 0x0a, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x64,
- 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f,
- 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x4a,
+ 0x64, 0x65, 0x72, 0x12, 0x29, 0x0a, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x64, 0x5f,
+ 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x72,
+ 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x4a, 0x04,
+ 0x08, 0x03, 0x10, 0x04, 0x52, 0x09, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x4a,
0x04, 0x08, 0x02, 0x10, 0x03, 0x52, 0x08, 0x72, 0x65, 0x66, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x22,
0x43, 0x0a, 0x1a, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4d,
0x69, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x25, 0x0a,
diff --git a/proto/remote.proto b/proto/remote.proto
index fe8e1fa6a..a11e1ed22 100644
--- a/proto/remote.proto
+++ b/proto/remote.proto
@@ -51,11 +51,6 @@ message UpdateRemoteMirrorRequest {
// HTTPAuthorizationHeader is an optional HTTP header used for
// authenticating against the remote repository.
string http_authorization_header = 2;
- // HttpHost is the hostname of the remote repository. Use this when the
- // URL hostname has already been resolved to an IP address to prevent DNS
- // rebinding. This is deprecated as we will be using resolved_address
- // going forward.
- string http_host = 3 [deprecated=true];
// ResolvedAddress holds the resolved IP address of the remote_url. This is
// used to avoid DNS rebinding by mapping the url to the resolved address.
// Only IPv4 dotted decimal ("192.0.2.1"), IPv6 ("2001:db8::68"), or IPv4-mapped
@@ -63,6 +58,10 @@ message UpdateRemoteMirrorRequest {
// Works with HTTP/HTTPS/Git/SSH protocols.
// Optional.
string resolved_address = 4;
+
+ // HttpHost has been removed in favor of ResolvedAddress.
+ reserved 3;
+ reserved "http_host";
}
// Repository is the repository whose mirror repository to update.
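Review bot: The comment above `reserved 3;` records that HttpHost is gone but not what a caller has to send instead, while the surviving `resolved_address` field is still documented as `Optional.` on the context line above it. Going by the commit description, `resolved_address` is now the only DNS-rebinding protection on this message, so a caller that omits it presumably leaves hostname resolution to connect time; how the server treats that case is outside this hunk. I would spell the migration out in the comment, e.g. `// HttpHost (field 3) has been removed: send the unresolved URL together with the validated IP in resolved_address.` followed by `// The number and name stay reserved so values from older clients are never decoded as a new field.` The enclosing `Remote` message starts outside this hunk.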