Fixed an issue where redirects to socket path-based servers from any server was always allowed.

dimitribouniol · dimitribouniol · commit 9db6474255ff · 2020-06-20T10:18:38.000-07:00
Motivation: An arbitrary HTTP(S) server should not be able to trigger redirects, and thus activity, to a local socket-path based server, though the opposite may be a valid scenario. Currently, requests in either direction are allowed since the checks don't actually check the destination scheme. Modifications: - Refactored `hostSchemes`/`unixSchemes` to `hostRestrictedSchemes`/`allSupportedSchemes`, which better describes what they do. - Refactored `Request.supports()` to `Request.supportsRedirects(to:)` since it is only used by Redirects now. - Check the destination URL's scheme rather than the current URL's scheme when validating a redirect. Result: Closes #230
diff --git a/Sources/AsyncHTTPClient/HTTPHandler.swift b/Sources/AsyncHTTPClient/HTTPHandler.swift
@@ -107,8 +107,8 @@ extension HTTPClient {
             /// UNIX Domain Socket HTTP request.
             case unixSocket(_ scheme: UnixScheme)
 
-            private static var hostSchemes = ["http", "https"]
-            private static var unixSchemes = ["unix", "http+unix", "https+unix"]
+            private static var hostRestrictedSchemes: Set = ["http", "https"]
+            private static var allSupportedSchemes: Set = ["http", "https", "unix", "http+unix", "https+unix"]
 
             init(forScheme scheme: String) throws {
                 switch scheme {
@@ -158,12 +158,14 @@ extension HTTPClient {
                 }
             }
 
-            func supports(scheme: String) -> Bool {
+            func supportsRedirects(to scheme: String?) -> Bool {
+                guard let scheme = scheme?.lowercased() else { return false }
+
                 switch self {
                 case .host:
-                    return Kind.hostSchemes.contains(scheme)
+                    return Kind.hostRestrictedSchemes.contains(scheme)
                 case .unixSocket:
-                    return Kind.unixSchemes.contains(scheme)
+                    return Kind.allSupportedSchemes.contains(scheme)
                 }
             }
         }
@@ -1049,7 +1051,7 @@ internal struct RedirectHandler<ResponseType> {
             return nil
         }
 
-        guard self.request.kind.supports(scheme: self.request.scheme) else {
+        guard self.request.kind.supportsRedirects(to: url.scheme) else {
             return nil
         }
 

Original file line number	Diff line number	Diff line change
`@@ -107,8 +107,8 @@ extension HTTPClient {`
`107`	`107`	`/// UNIX Domain Socket HTTP request.`
`108`	`108`	`case unixSocket(_ scheme: UnixScheme)`
`109`	`109`
`110`		`- private static var hostSchemes = ["http", "https"]`
`111`		`- private static var unixSchemes = ["unix", "http+unix", "https+unix"]`
	`110`	`+ private static var hostRestrictedSchemes: Set = ["http", "https"]`
	`111`	`+ private static var allSupportedSchemes: Set = ["http", "https", "unix", "http+unix", "https+unix"]`
`112`	`112`
`113`	`113`	`init(forScheme scheme: String) throws {`
`114`	`114`	`switch scheme {`
`@@ -158,12 +158,14 @@ extension HTTPClient {`
`158`	`158`	`}`
`159`	`159`	`}`
`160`	`160`
`161`		`- func supports(scheme: String) -> Bool {`
	`161`	`+ func supportsRedirects(to scheme: String?) -> Bool {`
	`162`	`+ guard let scheme = scheme?.lowercased() else { return false }`
	`163`	`+`
`162`	`164`	`switch self {`
`163`	`165`	`case .host:`
`164`		`- return Kind.hostSchemes.contains(scheme)`
	`166`	`+ return Kind.hostRestrictedSchemes.contains(scheme)`
`165`	`167`	`case .unixSocket:`
`166`		`- return Kind.unixSchemes.contains(scheme)`
	`168`	`+ return Kind.allSupportedSchemes.contains(scheme)`
`167`	`169`	`}`
`168`	`170`	`}`
`169`	`171`	`}`
`@@ -1049,7 +1051,7 @@ internal struct RedirectHandler<ResponseType> {`
`1049`	`1051`	`return nil`
`1050`	`1052`	`}`
`1051`	`1053`
`1052`		`- guard self.request.kind.supports(scheme: self.request.scheme) else {`
	`1054`	`+ guard self.request.kind.supportsRedirects(to: url.scheme) else {`
`1053`	`1055`	`return nil`
`1054`	`1056`	`}`
`1055`	`1057`