diff options
author | Patrick Steinhardt <psteinhardt@gitlab.com> | 2023-05-04 09:35:21 +0300 |
---|---|---|
committer | Patrick Steinhardt <psteinhardt@gitlab.com> | 2023-05-04 09:43:41 +0300 |
commit | 3a59e721e457b8cdb8613ba8605218bd2f5f565e (patch) | |
tree | a8fa845475f6d7940c962ee37440a0a6cb71568a | |
parent | a92a2b2a776060e5f19a6226a84d183e17ca0b2e (diff) |
proto: Drop deprecated `http_host` field in FetchRemote RPC
The `http_host` field was added in order to avoid DNS rebinding attacks.
Callers would send us both the pre-resolved URL and the hostname so that
we would directly connect to the pre-resolved address, but still be able
to set the HTTP `Host` header as expected. This approach was replaced
in favor of the new `resolved_address` field, where Gitaly receives the
un-resolved URL and resolved IP address so that it can perform the
mapping internally.
We have thus deprecated the `http_host` field via cbdc529000 (proto:
Deprecate `http_host` field, 2022-09-30). Remove the field for the
FetchRemote RPC.
Changelog: removed
-rw-r--r-- | internal/gitaly/service/repository/fetch_remote.go | 8 | ||||
-rw-r--r-- | internal/gitaly/service/repository/fetch_remote_test.go | 14 | ||||
-rw-r--r-- | proto/go/gitalypb/repository.pb.go | 27 | ||||
-rw-r--r-- | proto/repository.proto | 7 |
4 files changed, 11 insertions, 45 deletions
diff --git a/internal/gitaly/service/repository/fetch_remote.go b/internal/gitaly/service/repository/fetch_remote.go index c0ad9293e..fd20156b2 100644 --- a/internal/gitaly/service/repository/fetch_remote.go +++ b/internal/gitaly/service/repository/fetch_remote.go @@ -66,14 +66,6 @@ func (s *server) FetchRemote(ctx context.Context, req *gitalypb.FetchRemoteReque }) } - //nolint: staticcheck - if host := req.GetRemoteParams().GetHttpHost(); host != "" { - config = append(config, git.ConfigPair{ - Key: fmt.Sprintf("http.%s.extraHeader", req.GetRemoteParams().GetUrl()), - Value: "Host: " + host, - }) - } - opts.CommandOptions = append(opts.CommandOptions, git.WithConfigEnv(config...)) sshCommand, cleanup, err := git.BuildSSHInvocation(ctx, req.GetSshKey(), req.GetKnownHosts()) diff --git a/internal/gitaly/service/repository/fetch_remote_test.go b/internal/gitaly/service/repository/fetch_remote_test.go index 7551c2462..c53dec759 100644 --- a/internal/gitaly/service/repository/fetch_remote_test.go +++ b/internal/gitaly/service/repository/fetch_remote_test.go @@ -28,14 +28,9 @@ import ( const ( httpToken = "ABCefg0999182" - httpHost = "example.com" ) func gitRequestValidation(w http.ResponseWriter, r *http.Request, next http.Handler) { - if r.Host != httpHost { - http.Error(w, "No Host", http.StatusBadRequest) - return - } if r.Header.Get("Authorization") != httpToken { http.Error(w, "Unauthorized", http.StatusUnauthorized) return @@ -784,7 +779,6 @@ func TestFetchRemote(t *testing.T) { RemoteParams: &gitalypb.Remote{ Url: fmt.Sprintf("http://127.0.0.1:%d/%s", port, "invalid/repo/path.git"), HttpAuthorizationHeader: httpToken, - HttpHost: httpHost, }, }, runs: []run{ @@ -813,7 +807,6 @@ func TestFetchRemote(t *testing.T) { RemoteParams: &gitalypb.Remote{ Url: fmt.Sprintf("http://127.0.0.1:%d/%s", port, filepath.Base(remoteRepoPath)), HttpAuthorizationHeader: httpToken, - HttpHost: httpHost, }, }, runs: []run{ @@ -841,8 +834,7 @@ func TestFetchRemote(t *testing.T) { request: &gitalypb.FetchRemoteRequest{ Repository: repoProto, RemoteParams: &gitalypb.Remote{ - Url: fmt.Sprintf("http://127.0.0.1:%d/%s", port, filepath.Base(remoteRepoPath)), - HttpHost: httpHost, + Url: fmt.Sprintf("http://127.0.0.1:%d/%s", port, filepath.Base(remoteRepoPath)), }, }, runs: []run{ @@ -871,8 +863,7 @@ func TestFetchRemote(t *testing.T) { request: &gitalypb.FetchRemoteRequest{ Repository: repoProto, RemoteParams: &gitalypb.Remote{ - Url: fmt.Sprintf("http://127.0.0.1:%d/%s", port, filepath.Base(remoteRepoPath)), - HttpHost: httpHost, + Url: fmt.Sprintf("http://127.0.0.1:%d/%s", port, filepath.Base(remoteRepoPath)), }, }, runs: []run{ @@ -905,7 +896,6 @@ func TestFetchRemote(t *testing.T) { RemoteParams: &gitalypb.Remote{ Url: fmt.Sprintf("http://127.0.0.1:%d/%s", port, filepath.Base(remoteRepoPath)), HttpAuthorizationHeader: httpToken, - HttpHost: httpHost, }, Timeout: 1, }, diff --git a/proto/go/gitalypb/repository.pb.go b/proto/go/gitalypb/repository.pb.go index 2a232ffa2..d12d5ee06 100644 --- a/proto/go/gitalypb/repository.pb.go +++ b/proto/go/gitalypb/repository.pb.go @@ -3839,12 +3839,6 @@ type Remote struct { // // If no refspecs are given, this defaults to "all_refs". MirrorRefmaps []string `protobuf:"bytes,4,rep,name=mirror_refmaps,json=mirrorRefmaps,proto3" json:"mirror_refmaps,omitempty"` - // HttpHost is the hostname of the remote repository. Use this when the - // URL hostname has already been resolved to an IP address to prevent DNS - // rebinding. This is deprecated as this field is/was never used. - // - // Deprecated: Marked as deprecated in repository.proto. - HttpHost string `protobuf:"bytes,5,opt,name=http_host,json=httpHost,proto3" json:"http_host,omitempty"` // ResolvedAddress holds the resolved IP address of the remote_url. This is // used to avoid DNS rebinding by mapping the url to the resolved address. // Only IPv4 dotted decimal ("192.0.2.1"), IPv6 ("2001:db8::68"), or IPv4-mapped @@ -3907,14 +3901,6 @@ func (x *Remote) GetMirrorRefmaps() []string { return nil } -// Deprecated: Marked as deprecated in repository.proto. -func (x *Remote) GetHttpHost() string { - if x != nil { - return x.HttpHost - } - return "" -} - func (x *Remote) GetResolvedAddress() string { if x != nil { return x.ResolvedAddress @@ -5481,7 +5467,7 @@ var file_repository_proto_rawDesc = []byte{ 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x44, 0x61, 0x74, 0x61, 0x12, 0x20, 0x0a, 0x0c, 0x65, 0x6e, 0x64, 0x5f, 0x6f, 0x66, 0x5f, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x65, 0x6e, 0x64, - 0x4f, 0x66, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x22, 0xd5, 0x01, 0x0a, 0x06, 0x52, 0x65, 0x6d, 0x6f, + 0x4f, 0x66, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x22, 0xc5, 0x01, 0x0a, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x3a, 0x0a, 0x19, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, @@ -5489,12 +5475,11 @@ var file_repository_proto_rawDesc = []byte{ 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x25, 0x0a, 0x0e, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x72, 0x65, 0x66, 0x6d, 0x61, 0x70, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, - 0x52, 0x65, 0x66, 0x6d, 0x61, 0x70, 0x73, 0x12, 0x1f, 0x0a, 0x09, 0x68, 0x74, 0x74, 0x70, 0x5f, - 0x68, 0x6f, 0x73, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x08, - 0x68, 0x74, 0x74, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x12, 0x29, 0x0a, 0x10, 0x72, 0x65, 0x73, 0x6f, - 0x6c, 0x76, 0x65, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x06, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0f, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, - 0x65, 0x73, 0x73, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, + 0x52, 0x65, 0x66, 0x6d, 0x61, 0x70, 0x73, 0x12, 0x29, 0x0a, 0x10, 0x72, 0x65, 0x73, 0x6f, 0x6c, + 0x76, 0x65, 0x64, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0f, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x64, 0x41, 0x64, 0x64, 0x72, 0x65, + 0x73, 0x73, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x52, 0x04, + 0x6e, 0x61, 0x6d, 0x65, 0x52, 0x09, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x22, 0x59, 0x0a, 0x1d, 0x47, 0x65, 0x74, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x53, 0x69, 0x7a, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x38, 0x0a, 0x0a, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x18, 0x01, diff --git a/proto/repository.proto b/proto/repository.proto index 9a06c4ba2..da8027c81 100644 --- a/proto/repository.proto +++ b/proto/repository.proto @@ -1019,10 +1019,6 @@ message Remote { // // If no refspecs are given, this defaults to "all_refs". repeated string mirror_refmaps = 4; - // HttpHost is the hostname of the remote repository. Use this when the - // URL hostname has already been resolved to an IP address to prevent DNS - // rebinding. This is deprecated as this field is/was never used. - string http_host = 5 [deprecated=true]; // ResolvedAddress holds the resolved IP address of the remote_url. This is // used to avoid DNS rebinding by mapping the url to the resolved address. // Only IPv4 dotted decimal ("192.0.2.1"), IPv6 ("2001:db8::68"), or IPv4-mapped @@ -1039,6 +1035,9 @@ message Remote { // field was at best confusing and useless and at worst actively harmful. reserved 2; reserved "name"; + // HttpHost has been removed in favor of ResolvedAddress. + reserved 5; + reserved "http_host"; } // This comment is left unintentionally blank. |