1
0
mirror of https://github.com/bitwarden/server.git synced 2024-12-26 17:37:36 +01:00

add proper URI validation to duo host (#1984)

This commit is contained in:
Kyle Spearrin 2022-05-09 12:00:05 -04:00 committed by GitHub
parent 43be1d3647
commit a5bfc0554b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 1 deletions

View File

@ -105,7 +105,7 @@ namespace Bit.Api.Models.Request
public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
{
if (!Host.StartsWith("api-") || (!Host.EndsWith(".duosecurity.com") && !Host.EndsWith(".duofederal.com")))
if (!Core.Utilities.Duo.DuoApi.ValidHost(Host))
{
yield return new ValidationResult("Host is invalid.", new string[] { nameof(Host) });
}

View File

@ -35,6 +35,21 @@ namespace Bit.Core.Utilities.Duo
_ikey = ikey;
_skey = skey;
_host = host;
if (!ValidHost(host))
{
throw new DuoException("Invalid Duo host configured.", new ArgumentException(nameof(host)));
}
}
public static bool ValidHost(string host)
{
if (Uri.TryCreate($"https://{host}", UriKind.Absolute, out var uri))
{
return uri.Host.StartsWith("api-") &&
(uri.Host.EndsWith(".duosecurity.com") || uri.Host.EndsWith(".duofederal.com"));
}
return false;
}
public static string CanonicalizeParams(Dictionary<string, string> parameters)
@ -246,6 +261,10 @@ namespace Bit.Core.Utilities.Duo
{
public int HttpStatus { get; private set; }
public DuoException(string message, Exception inner)
: base(message, inner)
{ }
public DuoException(int httpStatus, string message, Exception inner)
: base(message, inner)
{