mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

add pointer to annex.security.allowed-url-schemes

Browse source 
Sponsored-by: Kevin Mueller on Patreon
This commit is contained in:
Joey Hess 2021-07-02 10:43:44 -04:00
parent 5f0cc72303
commit 9905ec19a7
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
2 changed files with 9 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Annex/Url.hs
View file

@ -73,6 +73,7 @@ getUrlOptions = Annex.getState Annex.urloptions >>= \case
<*> pure urldownloader <*> pure urldownloader
<*> pure manager <*> pure manager
<*> (annexAllowedUrlSchemes <$> Annex.getGitConfig) <*> (annexAllowedUrlSchemes <$> Annex.getGitConfig)
<*> pure (Just (\u -> "Configuration of annex.security.allowed-url-schemes does not allow accessing " ++ show u))
<*> pure U.noBasicAuth <*> pure U.noBasicAuth
headers = annexHttpHeadersCommand <$> Annex.getGitConfig >>= \case headers = annexHttpHeadersCommand <$> Annex.getGitConfig >>= \case

13
Utility/Url.hs
View file

@ -97,6 +97,7 @@ data UrlOptions = UrlOptions
, applyRequest :: Request -> Request , applyRequest :: Request -> Request
, httpManager :: Manager , httpManager :: Manager
, allowedSchemes :: S.Set Scheme , allowedSchemes :: S.Set Scheme
, disallowedSchemeMessage :: Maybe (URI -> String)
, getBasicAuth :: GetBasicAuth , getBasicAuth :: GetBasicAuth
} }
@ -115,11 +116,12 @@ defUrlOptions = UrlOptions
<*> pure id <*> pure id
<*> newManager tlsManagerSettings <*> newManager tlsManagerSettings
<*> pure (S.fromList $ map mkScheme ["http", "https", "ftp"]) <*> pure (S.fromList $ map mkScheme ["http", "https", "ftp"])
<*> pure Nothing
<*> pure noBasicAuth <*> pure noBasicAuth
mkUrlOptions :: Maybe UserAgent -> Headers -> UrlDownloader -> Manager -> S.Set Scheme -> GetBasicAuth -> UrlOptions mkUrlOptions :: Maybe UserAgent -> Headers -> UrlDownloader -> Manager -> S.Set Scheme -> Maybe (URI -> String) -> GetBasicAuth -> UrlOptions
mkUrlOptions defuseragent reqheaders urldownloader manager getbasicauth = mkUrlOptions defuseragent reqheaders urldownloader =
UrlOptions useragent reqheaders urldownloader applyrequest manager getbasicauth UrlOptions useragent reqheaders urldownloader applyrequest
where where
applyrequest = \r -> r { requestHeaders = requestHeaders r ++ addedheaders } applyrequest = \r -> r { requestHeaders = requestHeaders r ++ addedheaders }
addedheaders = uaheader ++ otherheaders addedheaders = uaheader ++ otherheaders
@ -156,8 +158,9 @@ curlParams uo ps = ps ++ uaparams ++ headerparams ++ addedparams ++ schemeparams
checkPolicy :: UrlOptions -> URI -> IO (Either String a) -> IO (Either String a) checkPolicy :: UrlOptions -> URI -> IO (Either String a) -> IO (Either String a)
checkPolicy uo u a checkPolicy uo u a
| allowedScheme uo u = a | allowedScheme uo u = a
| otherwise = return $ Left $ | otherwise = return $ Left $ case disallowedSchemeMessage uo of
"Configuration does not allow accessing " ++ show u Nothing -> "Configuration does not allow accessing" ++ show u
Just f -> f u
unsupportedUrlScheme :: URI -> String unsupportedUrlScheme :: URI -> String
unsupportedUrlScheme u = "Unsupported url scheme " ++ show u unsupportedUrlScheme u = "Unsupported url scheme " ++ show u