authorJoe Chen <jc@unknwon.io>2022-05-31 15:17:17 +0800
committerGitHub <noreply@github.com>2022-05-31 15:17:17 +0800
commit7885f454a4946c4bbec1b4f8c603b5eea7429c7f (patch)
tree00010af607268eef9f1adcb9d8f6d713f653ee34 /internal/route/repo/webhook.go
parent90bc75229726a24a28507d3e8178f86734f112e1 (diff)
webhook: revalidate local hostname before each delivery (#6988)
Diffstat (limited to 'internal/route/repo/webhook.go')
-rw-r--r--internal/route/repo/webhook.go25
1 files changed, 11 insertions, 14 deletions
diff --git a/internal/route/repo/webhook.go b/internal/route/repo/webhook.go
index bed0d0bd..c6ff312a 100644
--- a/internal/route/repo/webhook.go
+++ b/internal/route/repo/webhook.go
@@ -119,20 +119,17 @@ func WebhooksNew(c *context.Context, orCtx *orgRepoContext) {
c.Success(orCtx.TmplNew)
}
-func validateWebhook(actor *db.User, l macaron.Locale, w *db.Webhook) (field, msg string, ok bool) {
- if !actor.IsAdmin {
- // 🚨 SECURITY: Local addresses must not be allowed by non-admins to prevent SSRF,
- // see https://github.com/gogs/gogs/issues/5366 for details.
- payloadURL, err := url.Parse(w.URL)
- if err != nil {
- return "PayloadURL", l.Tr("repo.settings.webhook.err_cannot_parse_payload_url", err), false
- }
-
- if netutil.IsLocalHostname(payloadURL.Hostname(), conf.Security.LocalNetworkAllowlist) {
- return "PayloadURL", l.Tr("repo.settings.webhook.err_cannot_use_local_addresses"), false
- }
+func validateWebhook(l macaron.Locale, w *db.Webhook) (field, msg string, ok bool) {
+ // 🚨 SECURITY: Local addresses must not be allowed by non-admins to prevent SSRF,
+ // see https://github.com/gogs/gogs/issues/5366 for details.
+ payloadURL, err := url.Parse(w.URL)
+ if err != nil {
+ return "PayloadURL", l.Tr("repo.settings.webhook.err_cannot_parse_payload_url", err), false
}
+ if netutil.IsBlockedLocalHostname(payloadURL.Hostname(), conf.Security.LocalNetworkAllowlist) {
+ return "PayloadURL", l.Tr("repo.settings.webhook.url_resolved_to_blocked_local_address"), false
+ }
return "", "", true
}
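Review bot: The security comment kept on the new side of validateWebhook still says local addresses must not be allowed "by non-admins", but the `if !actor.IsAdmin` guard and the actor parameter are gone, so the check now applies to every caller, admins included; the comment is stale and should describe the current rule, e.g. `// 🚨 SECURITY: Local addresses must not be used as payload URLs to prevent SSRF,` with the existing issue link on the next line. If an admin exemption is still intended, it is no longer implemented anywhere in this function, and the commit title suggests uniform validation is the goal, so the comment should say so rather than imply a bypass exists. The same function is the one the two later hunks call, so a reader will rely on this comment to understand why admins are now rejected too.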
@@ -144,7 +141,7 @@ func validateAndCreateWebhook(c *context.Context, orCtx *orgRepoContext, w *db.W
return
}
- field, msg, ok := validateWebhook(c.User, c.Locale, w)
+ field, msg, ok := validateWebhook(c.Locale, w)
if !ok {
c.FormErr(field)
c.RenderWithErr(msg, orCtx.TmplNew, nil)
@@ -348,7 +345,7 @@ func validateAndUpdateWebhook(c *context.Context, orCtx *orgRepoContext, w *db.W
return
}
- field, msg, ok := validateWebhook(c.User, c.Locale, w)
+ field, msg, ok := validateWebhook(c.Locale, w)
if !ok {
c.FormErr(field)
c.RenderWithErr(msg, orCtx.TmplNew, nil)