author | Patrick Steinhardt <psteinhardt@gitlab.com> | 2023-05-04 09:35:21 +0300 |
---|---|---|
committer | Patrick Steinhardt <psteinhardt@gitlab.com> | 2023-05-04 09:40:54 +0300 |
commit | 683ad3dfa5bdd206ee00cf48c6c1703cba906997 (patch) | |
tree | 3eda0846e60c46e435ed681e1279eca781254192 | |
parent | 6fd80aade3214bad3bb74b8875a94a6b1ee6aec6 (diff) |
proto: Drop deprecated `http_host` field in UpdateRemoteMirror RPC
The `http_host` field was added in order to avoid DNS rebinding attacks.
Callers would send us both the pre-resolved URL and the hostname so that
we would directly connect to the pre-resolved address, but still be able
to set the HTTP `Host` header as expected. This approach was replaced
in favor of the new `resolved_address` field, where Gitaly receives the
un-resolved URL and resolved IP address so that it can perform the
mapping internally.
We have thus deprecated the `http_host` field via cbdc529000 (proto:
Deprecate `http_host` field, 2022-09-30). Remove the field for the
UpdateRemoteMirror RPC.
Changelog: removed
-rw-r--r-- | internal/gitaly/service/remote/update_remote_mirror.go | 7 | ||||
-rw-r--r-- | proto/go/gitalypb/remote.pb.go | 28 | ||||
-rw-r--r-- | proto/remote.proto | 9 |
3 files changed, 10 insertions, 34 deletions
diff --git a/internal/gitaly/service/remote/update_remote_mirror.go b/internal/gitaly/service/remote/update_remote_mirror.go
index 53ba17322..da1e8565e 100644
--- a/internal/gitaly/service/remote/update_remote_mirror.go
+++ b/internal/gitaly/service/remote/update_remote_mirror.go
@@ -95,13 +95,6 @@ func (s *server) updateRemoteMirror(stream gitalypb.RemoteService_UpdateRemoteMi
 Value: "Authorization: " + authHeader,
 })
 }
- //nolint:staticcheck
- if host := remote.GetHttpHost(); host != "" {
- remoteConfig = append(remoteConfig, git.ConfigPair{
- Key: fmt.Sprintf("http.%s.extraHeader", remote.GetUrl()),
- Value: "Host: " + host,
- })
- }
 sshCommand, clean, err := git.BuildSSHInvocation(ctx, firstRequest.GetSshKey(), firstRequest.GetKnownHosts())
 if err != nil {
diff --git a/proto/go/gitalypb/remote.pb.go b/proto/go/gitalypb/remote.pb.go
index 10d95dd97..9b9491da3 100644
--- a/proto/go/gitalypb/remote.pb.go
+++ b/proto/go/gitalypb/remote.pb.go
@@ -429,13 +429,6 @@ type UpdateRemoteMirrorRequest_Remote struct { // HTTPAuthorizationHeader is an optional HTTP header used for // authenticating against the remote repository. HttpAuthorizationHeader string `protobuf:"bytes,2,opt,name=http_authorization_header,json=httpAuthorizationHeader,proto3" json:"http_authorization_header,omitempty"` - // HttpHost is the hostname of the remote repository. Use this when the - // URL hostname has already been resolved to an IP address to prevent DNS - // rebinding. This is deprecated as we will be using resolved_address - // going forward. - // - // Deprecated: Marked as deprecated in remote.proto. - HttpHost string `protobuf:"bytes,3,opt,name=http_host,json=httpHost,proto3" json:"http_host,omitempty"` // ResolvedAddress holds the resolved IP address of the remote_url. This is // used to avoid DNS rebinding by mapping the url to the resolved address. // Only IPv4 dotted decimal ("192.0.2.1"), IPv6 ("2001:db8::68"), or IPv4-mapped 
@@ -491,14 +484,6 @@ func (x *UpdateRemoteMirrorRequest_Remote) GetHttpAuthorizationHeader() string { return "" } -// Deprecated: Marked as deprecated in remote.proto. -func (x *UpdateRemoteMirrorRequest_Remote) GetHttpHost() string { - if x != nil { - return x.HttpHost - } - return "" -} - func (x *UpdateRemoteMirrorRequest_Remote) GetResolvedAddress() string { if x != nil { return x.ResolvedAddress @@ -512,7 +497,7 @@ var file_remote_proto_rawDesc = []byte{ 0x0a, 0x0c, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x06, 0x67, 0x69, 0x74, 0x61, 0x6c, 0x79, 0x1a, 0x0a, 0x6c, 0x69, 0x6e, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0c, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x22, 0xec, 0x03, 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x6d, 0x6f, 0x74, + 0x22, 0xdc, 0x03, 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x38, 0x0a, 0x0a, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x67, 0x69, 0x74, 0x61, 0x6c, 0x79, 0x2e, 0x52, 0x65, 0x70, 0x6f, 
@@ -531,17 +516,16 @@ var file_remote_proto_rawDesc = []byte{ 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x48, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x2e, 0x0a, 0x13, 0x6b, 0x65, 0x65, 0x70, 0x5f, 0x64, 0x69, 0x76, 0x65, 0x72, 0x67, 0x65, 0x6e, 0x74, 0x5f, 0x72, 0x65, 0x66, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x6b, 0x65, 0x65, 0x70, 0x44, 0x69, 0x76, - 0x65, 0x72, 0x67, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x73, 0x1a, 0xa2, 0x01, 0x0a, 0x06, 0x52, + 0x65, 0x72, 0x67, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x73, 0x1a, 0x92, 0x01, 0x0a, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x3a, 0x0a, 0x19, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x17, 0x68, 0x74, 0x74, 0x70, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x65, 0x61, - 0x64, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x09, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x68, 0x6f, 0x73, 0x74, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x08, 0x68, 0x74, 0x74, 0x70, - 0x48, 0x6f, 0x73, 0x74, 0x12, 0x29, 0x0a, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x64, - 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, - 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x4a, + 0x64, 0x65, 0x72, 0x12, 0x29, 0x0a, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x64, 0x5f, + 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x72, + 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x4a, 0x04, + 0x08, 0x03, 0x10, 0x04, 0x52, 0x09, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x52, 0x08, 0x72, 0x65, 0x66, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 
0x22, 0x43, 0x0a, 0x1a, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x25, 0x0a,
diff --git a/proto/remote.proto b/proto/remote.proto
index fe8e1fa6a..a11e1ed22 100644
--- a/proto/remote.proto
+++ b/proto/remote.proto
@@ -51,11 +51,6 @@ message UpdateRemoteMirrorRequest {
 // HTTPAuthorizationHeader is an optional HTTP header used for
 // authenticating against the remote repository.
 string http_authorization_header = 2;
- // HttpHost is the hostname of the remote repository. Use this when the
- // URL hostname has already been resolved to an IP address to prevent DNS
- // rebinding. This is deprecated as we will be using resolved_address
- // going forward.
- string http_host = 3 [deprecated=true];
 // ResolvedAddress holds the resolved IP address of the remote_url. This is
 // used to avoid DNS rebinding by mapping the url to the resolved address.
 // Only IPv4 dotted decimal ("192.0.2.1"), IPv6 ("2001:db8::68"), or IPv4-mapped
@@ -63,6 +58,10 @@ message UpdateRemoteMirrorRequest {
 // Works with HTTP/HTTPS/Git/SSH protocols.
 // Optional.
 string resolved_address = 4;
+
+ // HttpHost has been removed in favor of ResolvedAddress.
+ reserved 3;
+ reserved "http_host";
 }
 // Repository is the repository whose mirror repository to update. |
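Review bot: The comment above `reserved 3;` in the second remote.proto hunk says HttpHost is gone but not what a caller that still sends it will observe. As far as the visible hunks show, such a request is neither rejected nor logged: the server-side `GetHttpHost()` branch is removed in this same commit, and a reserved field number is presumably handled as an unknown field on decode. I would extend the comment to something like `// HttpHost has been removed in favor of ResolvedAddress. Field 3 is ignored if sent; callers must set resolved_address to keep the DNS rebinding protection.` The nested Remote message begins above this hunk, so whether an empty or malformed `resolved_address` is checked elsewhere cannot be confirmed from here.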