Commit

feat: impl httpclient.safeCurl
killagu committed Jul 11, 2024
1 parent 52a03a8 commit 914e66a
Showing 3 changed files with 67 additions and 0 deletions.
11 changes: 11 additions & 0 deletions lib/core/httpclient.js
Expand Up @@ -44,6 +44,17 @@ class HttpClient extends urllib.HttpClient2 {
async curl(...args) {
return await this.request(...args);
}

async safeCurl(url, options = {}) {
const ssrfConfig = this.app.config.security.ssrf;
if (ssrfConfig?.checkAddress) {
options.checkAddress = ssrfConfig.checkAddress;
} else {
this.app.logger.warn('[egg-security] please configure `config.security.ssrf` first');
}

Check warning on line 54 in lib/core/httpclient.js

Codecov / codecov/patch

lib/core/httpclient.js#L53-L54

Added lines #L53 - L54 were not covered by tests

return this.curl(url, options);
}
}

function normalizeConfig(app) {
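Review bot: `safeCurl` fails open: when `config.security.ssrf.checkAddress` is absent, the `else` branch only logs a warning and the request still goes out through `this.curl(url, options)` with no address check, so a caller relying on the method name gets no SSRF protection. Rejecting would make the misconfiguration visible, e.g. replace the `else` body with `throw new Error('[egg-security] config.security.ssrf.checkAddress is required for safeCurl');`. Separately, `this.app.config.security.ssrf` throws a TypeError when `config.security` itself is undefined, because only `ssrfConfig` is optional-chained; `this.app.config.security?.ssrf` avoids that. The method also writes `checkAddress` onto the caller's `options` object; passing `{ ...options, checkAddress: ssrfConfig.checkAddress }` to `this.curl` would leave the caller's object untouched.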
16 changes: 16 additions & 0 deletions lib/core/httpclient_next.js
@@ -1,5 +1,6 @@
const { HttpClient } = require('urllib-next');
const ms = require('humanize-ms');
const SSRF_HTTPCLIENT = Symbol('SSRF_HTTPCLIENT');

class HttpClientNext extends HttpClient {
constructor(app, options) {
Expand Down Expand Up @@ -33,6 +34,21 @@ class HttpClientNext extends HttpClient {
async curl(...args) {
return await this.request(...args);
}

async safeCurl(url, options = {}) {
if (!this[SSRF_HTTPCLIENT]) {
const ssrfConfig = this.app.config.security.ssrf;
if (ssrfConfig?.checkAddress) {
options.checkAddress = ssrfConfig.checkAddress;
} else {
this.app.logger.warn('[egg-security] please configure `config.security.ssrf` first');
}

Check warning on line 45 in lib/core/httpclient_next.js

Codecov / codecov/patch

lib/core/httpclient_next.js#L44-L45

Added lines #L44 - L45 were not covered by tests
this[SSRF_HTTPCLIENT] = new HttpClientNext(this.app, {
checkAddress: ssrfConfig.checkAddress,
});
}
return this[SSRF_HTTPCLIENT].request(url, options);
}
}

function normalizeConfig(app) {
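Review bot: In `safeCurl`, the unconfigured path logs the warning and then still runs `new HttpClientNext(this.app, { checkAddress: ssrfConfig.checkAddress })`. If `config.security.ssrf` is undefined this throws a TypeError on `ssrfConfig.checkAddress`, and if only `checkAddress` is missing an unguarded client is cached in `this[SSRF_HTTPCLIENT]` for the life of the instance, so configuration supplied later never takes effect. Failing before the client is built avoids both, e.g. `if (!ssrfConfig?.checkAddress) throw new Error('[egg-security] config.security.ssrf.checkAddress is required for safeCurl');` in place of the `if`/`else`. The `options.checkAddress` assignment runs only on the first call and mutates the caller's object; since the dedicated client already carries the callback it looks redundant and could be dropped. The cached client is built with only `checkAddress`, so whether the options this instance was constructed with carry over depends on the constructor, which is outside the hunk and worth confirming.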
40 changes: 40 additions & 0 deletions test/lib/core/httpclient.test.js
Expand Up @@ -98,6 +98,26 @@ describe('test/lib/core/httpclient.test.js', () => {
});
});

it('should support safeCurl', async () => {
let ip;
let family;
let host;
mm(client.app.config, 'security', {
ssrf: {
checkAddress(aIp, aFamilay, aHost) {
ip = aIp;
family = aFamilay;
host = aHost;
return true;
},
},
});
await client.safeCurl(url);
assert(ip);
assert(family);
assert(host);
});

describe('HttpClientNext', () => {
it('should request ok with log', async () => {
const args = {
Expand Down Expand Up @@ -145,6 +165,26 @@ describe('test/lib/core/httpclient.test.js', () => {
return true;
});
});

it('should support safeCurl', async () => {
let ip;
let family;
let host;
mm(clientNext.app.config, 'security', {
ssrf: {
checkAddress(aIp, aFamilay, aHost) {
ip = aIp;
family = aFamilay;
host = aHost;
return true;
},
},
});
await clientNext.safeCurl(url);
assert(ip);
assert(family);
assert(host);
});
});

describe('httpclient.httpAgent.timeout < 30000', () => {
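Review bot: Both new `should support safeCurl` cases cover only the allow path: `checkAddress` returns `true` and the assertions confirm the callback received an ip, family and host, but nothing verifies that a `false` return actually stops the request, which is the property `safeCurl` exists to provide. A companion case per client with `checkAddress() { return false; }` and `await assert.rejects(client.safeCurl(url));` (assuming `assert` here is Node's assert module) would pin that behaviour. A case with no `security.ssrf` configured would also cover the warning branch that the Codecov annotations on this commit report as untested. The parameter name `aFamilay` is a typo for `aFamily` in both tests.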
