-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(plugin-server): Validate
fetch
hostnames (#17183)
* chore(plugin-server): Validate fetch hostnames * Only apply Python host check on Cloud * Update tests to use valid hook URLs * Only apply plugin server host check in prod * Update URLs in a couple more tests * Only check hostnames on Cloud and remove port check * Fix fetch mocking * Roll out hostname guard per project * Fix fetch call assertions * Make `fetchHostnameGuardTeams` optional
- Loading branch information
Showing
24 changed files
with
279 additions
and
100 deletions.
There are no files selected for viewing
Binary file modified
BIN
-34.8 KB
(68%)
...napshots__/scenes-app-recordings--recordings-play-list-no-pinned-recordings.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,21 +1,73 @@ | ||
// This module wraps node-fetch with a sentry tracing-aware extension | ||
|
||
import fetch, { FetchError, Request, Response } from 'node-fetch' | ||
import { LookupAddress } from 'dns' | ||
import dns from 'dns/promises' | ||
import * as ipaddr from 'ipaddr.js' | ||
import fetch, { type RequestInfo, type RequestInit, type Response, FetchError, Request } from 'node-fetch' | ||
import { URL } from 'url' | ||
|
||
import { runInSpan } from '../sentry' | ||
|
||
function fetchWrapper(...args: Parameters<typeof fetch>): Promise<Response> { | ||
const request = new Request(...args) | ||
return runInSpan( | ||
export async function trackedFetch(url: RequestInfo, init?: RequestInit): Promise<Response> { | ||
const request = new Request(url, init) | ||
return await runInSpan( | ||
{ | ||
op: 'fetch', | ||
description: `${request.method} ${request.url}`, | ||
}, | ||
() => fetch(...args) | ||
async () => await fetch(url, init) | ||
) | ||
} | ||
|
||
fetchWrapper.isRedirect = fetch.isRedirect | ||
fetchWrapper.FetchError = FetchError | ||
trackedFetch.isRedirect = fetch.isRedirect | ||
trackedFetch.FetchError = FetchError | ||
|
||
export default fetchWrapper | ||
export async function safeTrackedFetch(url: RequestInfo, init?: RequestInit): Promise<Response> { | ||
const request = new Request(url, init) | ||
return await runInSpan( | ||
{ | ||
op: 'fetch', | ||
description: `${request.method} ${request.url}`, | ||
}, | ||
async () => { | ||
await raiseIfUserProvidedUrlUnsafe(request.url) | ||
return await fetch(url, init) | ||
} | ||
) | ||
} | ||
|
||
safeTrackedFetch.isRedirect = fetch.isRedirect | ||
safeTrackedFetch.FetchError = FetchError | ||
|
||
/** | ||
* Raise if the provided URL seems unsafe, otherwise do nothing. | ||
* | ||
* Equivalent of Django raise_if_user_provided_url_unsafe. | ||
*/ | ||
export async function raiseIfUserProvidedUrlUnsafe(url: string): Promise<void> { | ||
// Raise if the provided URL seems unsafe, otherwise do nothing. | ||
let parsedUrl: URL | ||
try { | ||
parsedUrl = new URL(url) | ||
} catch (err) { | ||
throw new FetchError('Invalid URL', 'posthog-host-guard') | ||
} | ||
if (!parsedUrl.hostname) { | ||
throw new FetchError('No hostname', 'posthog-host-guard') | ||
} | ||
if (parsedUrl.protocol !== 'http:' && parsedUrl.protocol !== 'https:') { | ||
throw new FetchError('Scheme must be either HTTP or HTTPS', 'posthog-host-guard') | ||
} | ||
let addrinfo: LookupAddress[] | ||
try { | ||
addrinfo = await dns.lookup(parsedUrl.hostname, { all: true }) | ||
} catch (err) { | ||
throw new FetchError('Invalid hostname', 'posthog-host-guard') | ||
} | ||
for (const { address } of addrinfo) { | ||
// Prevent addressing internal services | ||
if (ipaddr.parse(address).range() !== 'unicast') { | ||
throw new FetchError('Internal hostname', 'posthog-host-guard') | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.