chore(plugin-server): Validate fetch hostnames #17183

Merged
merged 12 commits into from
Sep 18, 2023

Member

@Twixes Twixes commented Aug 24, 2023

Changes

The plugin server equivalent of #17147. Note that this introduces some performance overhead in the form of DNS resolution, so we'll need to monitor fetch timing metrics after deploying this.

@Twixes Twixes requested review from tiina303 and ellie August 24, 2023 16:02
Comment on lines 65 to 64
if (ipaddr.parse(address).range() !== 'unicast') {
throw new FetchError('Invalid hostname', 'posthog-host-guard')
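Review bot: the `range() !== 'unicast'` check validates `address`, but these lines do not show that the connection is then made to that same address. If the fetch resolves the hostname again after this check, a DNS answer that changes between the two lookups would get past the guard, so consider connecting to the validated address directly and running the check on every record the lookup returns rather than on a single one.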
Member Author

Not sure if it makes any sense to also support ranges such as multicast, Teredo, or 6to4? @ellie

Contributor

I think it would make sense, but can be done in a follow up
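The kind of range check discussed in the thread above, as an added example that is not part of the PR or of PostHog's code: it classifies addresses without `ipaddr.js`, rejects multicast, Teredo and 6to4 along with private and loopback ranges, and requires every resolved record to pass. `parseV4`, `parseV6`, `isPublicUnicast`, `pickSafeAddress` and the prefix list are assumptions made for this example.

```javascript
// Added example; function names and the prefix list are assumptions, not PostHog's code.
function parseV4(s) {
  const p = s.split('.');
  if (p.length !== 4 || !p.every((o) => /^\d{1,3}$/.test(o) && Number(o) <= 255)) return null;
  return p.reduce((n, o) => n * 256n + BigInt(o), 0n);
}

function parseV6(s) {
  if (s.includes('.')) { // embedded IPv4 tail, e.g. ::ffff:10.0.0.1
    const cut = s.lastIndexOf(':') + 1;
    const v4 = parseV4(s.slice(cut));
    if (v4 === null) return null;
    s = s.slice(0, cut) + (v4 >> 16n).toString(16) + ':' + (v4 & 0xffffn).toString(16);
  }
  const halves = s.split('::');
  const head = halves[0] ? halves[0].split(':') : [];
  const rest = halves[1] ? halves[1].split(':') : [];
  const fill = halves.length === 2 ? Math.max(8 - head.length - rest.length, 0) : 0;
  const groups = [...head, ...Array(fill).fill('0'), ...rest];
  if (groups.length !== 8 || !groups.every((g) => /^[0-9a-f]{1,4}$/i.test(g))) return null;
  return groups.reduce((acc, g) => (acc << 16n) | BigInt(parseInt(g, 16)), 0n);
}

// Special-purpose prefixes treated as non-public (constructed list).
const RESERVED = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8], ['169.254.0.0', 16],
  ['172.16.0.0', 12], ['192.168.0.0', 16], ['224.0.0.0', 4], ['240.0.0.0', 4],
  ['::', 127], ['::ffff:0:0', 96], ['fc00::', 7], ['fe80::', 10],
  ['ff00::', 8], ['2001::', 32], ['2002::', 16], // multicast, Teredo, 6to4
];

function isPublicUnicast(address) {
  const v4 = parseV4(address);
  const value = v4 !== null ? v4 : parseV6(address);
  if (value === null) return false; // unparsable input is rejected, not allowed
  return !RESERVED.some(([base, bits]) => {
    const ruleIsV6 = base.includes(':');
    if (ruleIsV6 === (v4 !== null)) return false; // rule is for the other family
    const shift = BigInt((ruleIsV6 ? 128 : 32) - bits);
    return value >> shift === (ruleIsV6 ? parseV6(base) : parseV4(base)) >> shift;
  });
}

// Records are shaped like dns.lookup(host, { all: true }) output; all must pass.
function pickSafeAddress(records) {
  const ok = records.length > 0 && records.every((r) => isPublicUnicast(r.address));
  if (!ok) throw new Error('Invalid hostname');
  return records[0].address; // the caller connects to this address, not the hostname
}
```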

@Twixes Twixes force-pushed the validate-app-fetch branch 5 times, most recently from 72226ef to be6fbaa Compare August 25, 2023 14:55
@Twixes Twixes force-pushed the validate-app-fetch branch from be6fbaa to a030f1f Compare August 25, 2023 16:06
Contributor

@ellie ellie left a comment

Generally LGTM, though it's been a while since I've written {Type|Java}Script. 👀 from @PostHog/team-pipeline would also be great!

I'm correct in saying this is a NOP for all not-opted-in teams?

@@ -399,8 +404,10 @@ export class HookCommander {
`⌛⌛⌛ Posting RestHook slow. Timeout warning after 5 sec! url=${hook.target} team_id=${event.teamId} event_id=${event.eventUuid}`
)
}, 5000)
const relevantFetch =
isCloud() && this.fetchHostnameGuardTeams.has(hook.team_id) ? safeTrackedFetch : trackedFetch
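Review bot: the ternary that picks `relevantFetch` fails open: any team missing from `fetchHostnameGuardTeams`, and every non-cloud deployment, gets the unguarded `trackedFetch`. That is reasonable for a rollout gate, but a comment saying the allowlist is temporary and that `safeTrackedFetch` is meant to become the default would help, as would a counter for hooks that still take the unguarded path. The gate is also keyed on `hook.team_id` while the timeout log above uses `event.teamId`; using one of them consistently removes any doubt about which team's setting applies.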
Contributor

just calling out this line to any other reviewers as being the "opt in"

Member Author

Twixes commented Aug 30, 2023

Yup @ellie merging this should have zero effect until the FETCH_HOSTNAME_GUARD_TEAMS env var is set in posthog-cloud-infra

Contributor

@tiina303 tiina303 left a comment

🙇‍♀️

@@ -264,11 +266,13 @@ export class HookCommander {
postgres: PostgresRouter,
teamManager: TeamManager,
organizationManager: OrganizationManager,
fetchHostnameGuardTeams: Set<number>,
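Review bot: `fetchHostnameGuardTeams: Set<number>` joins the parameter list with no documentation of what membership means. A short comment that it holds the team IDs for which the hostname guard is enabled, and that an empty set leaves the guard off for everyone, would make the fail-open default explicit at the call sites.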
Contributor

since we're going to remove it in the future and have all teams opt into this I'd add it as the last arg and optional, so there's less test changes needed when removing

Member Author

Makes sense, made optional – although didn't put it last, because we never pass statsd in in these tests, while we do pass this

@Twixes Twixes merged commit b7fe004 into master Sep 18, 2023
@Twixes Twixes deleted the validate-app-fetch branch September 18, 2023 12:38