[cherry-pick] Limit URL to local site (#20023)
Limit URL to local path Signed-off-by: stonezdj <daojunz@vmware.com> Co-authored-by: stonezdj <daojunz@vmware.com>
parent
3356196fab
commit
9115b9f34f
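--- a/PATH_NOT_SHOWN_ON_PAGE (utils package source file)
+++ b/PATH_NOT_SHOWN_ON_PAGE (utils package source file)
@@ -342,3 +342,8 @@ func MostMatchSorter(a, b string, matchWord string) bool {
 }
 return len(a) < len(b)
 }
+
+// IsLocalPath checks if path is local
+func IsLocalPath(path string) bool {
+return strings.HasPrefix(path, "/") && !strings.HasPrefix(path, "//")
+}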
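Review bot: `IsLocalPath` rejects the scheme-relative `//host` form but still accepts a value beginning with `/\`, which browsers following the WHATWG URL parser treat like `//` for http(s) redirects, so such a `redirect_url` passes the check yet can still lead off-site; add `&& !strings.HasPrefix(path, "/\\")` to the return expression. The doc comment should also state the contract rather than restate the name, e.g. `// IsLocalPath reports whether path is a site-relative path (a single leading "/"), i.e. neither an absolute nor a scheme-relative URL.` MostMatchSorter, whose closing lines open this hunk, starts outside it.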
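--- a/PATH_NOT_SHOWN_ON_PAGE (utils package test file)
+++ b/PATH_NOT_SHOWN_ON_PAGE (utils package test file)
@@ -486,3 +486,25 @@ func TestValidateCronString(t *testing.T) {
 }
 }
 }
+
+func TestIsLocalPath(t *testing.T) {
+type args struct {
+path string
+}
+tests := []struct {
+name string
+args args
+want bool
+}{
+{"normal test", args{"/harbor/project"}, true},
+{"failed", args{"www.myexample.com"}, false},
+{"other_site1", args{"//www.myexample.com"}, false},
+{"other_site2", args{"https://www.myexample.com"}, false},
+{"other_site", args{"http://www.myexample.com"}, false},
+}
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+assert.Equalf(t, tt.want, IsLocalPath(tt.args.path), "IsLocalPath(%v)", tt.args.path)
+})
+}
+}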
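Review bot: The table never pins the empty-string case, which is exactly what `Query().Get("redirect_url")` returns when the parameter is absent, and the caller's handling of that value changes in this commit; add `{"empty", args{""}, false},` so the intended result is explicit and a later change cannot silently flip it. The failure message uses `%v` for a string; `%q` would make empty or whitespace-only inputs visible in test output.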
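--- a/PATH_NOT_SHOWN_ON_PAGE (OIDCController source file)
+++ b/PATH_NOT_SHOWN_ON_PAGE (OIDCController source file)
@@ -63,7 +63,13 @@ func (oc *OIDCController) RedirectLogin() {
 oc.SendInternalServerError(err)
 return
 }
-if err := oc.SetSession(redirectURLKey, oc.Ctx.Request.URL.Query().Get("redirect_url")); err != nil {
+redirectURL := oc.Ctx.Request.URL.Query().Get("redirect_url")
+if !utils.IsLocalPath(redirectURL) {
+log.Errorf("invalid redirect url: %v", redirectURL)
+oc.SendBadRequestError(fmt.Errorf("cannot redirect to other site"))
+return
+}
+if err := oc.SetSession(redirectURLKey, redirectURL); err != nil {
 log.Errorf("failed to set session for key: %s, error: %v", redirectURLKey, err)
 oc.SendInternalServerError(err)
 return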
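Review bot: A request without `redirect_url` now gets a 400, because `Query().Get` yields "" for a missing parameter and `utils.IsLocalPath("")` is false (no leading "/"), whereas the removed line stored the empty value in the session without complaint. If the parameter is optional for existing callers, guard the check with `if redirectURL != "" && !utils.IsLocalPath(redirectURL) {`, or make the empty-means-default behaviour explicit in a comment above the check. `fmt.Errorf("cannot redirect to other site")` carries no format verbs; `errors.New` is the idiomatic form if the file imports `errors`. RedirectLogin starts and ends outside this hunk.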