gotosocial/internal/httpclient/sanitizer.go

/*
   GoToSocial
   Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org

   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU Affero General Public License as published by
   the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU Affero General Public License for more details.

   You should have received a copy of the GNU Affero General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

package httpclient

import (
	"net/netip"
	"syscall"

	"github.com/superseriousbusiness/gotosocial/internal/netutil"
)

type sanitizer struct {
	allow []netip.Prefix
	block []netip.Prefix
}

// Sanitize implements the required net.Dialer.Control function signature.
func (s *sanitizer) Sanitize(ntwrk, addr string, _ syscall.RawConn) error {
	// Parse IP+port from addr
	ipport, err := netip.ParseAddrPort(addr)
	if err != nil {
		return err
	}

	// Seperate the IP
	ip := ipport.Addr()

	// Check if this is explicitly allowed
	for i := 0; i < len(s.allow); i++ {
		if s.allow[i].Contains(ip) {
			return nil
		}
	}

	// Now check if explicity blocked
	for i := 0; i < len(s.block); i++ {
		if s.block[i].Contains(ip) {
			return ErrReservedAddr
		}
	}

	// Validate this is a safe IP
	if !netutil.ValidateIP(ip) {
		return ErrReservedAddr
	}

	return nil
}
[security] transport.Controller{} and transport.Transport{} security and performance improvements (#564) * cache transports in controller by privkey-generated pubkey, add retry logic to transport requests Signed-off-by: kim <grufwub@gmail.com> * update code comments, defer mutex unlocks Signed-off-by: kim <grufwub@gmail.com> * add count to 'performing request' log message Signed-off-by: kim <grufwub@gmail.com> * reduce repeated conversions of same url.URL object Signed-off-by: kim <grufwub@gmail.com> * move worker.Worker to concurrency subpackage, add WorkQueue type, limit transport http client use by WorkQueue Signed-off-by: kim <grufwub@gmail.com> * fix security advisories regarding max outgoing conns, max rsp body size - implemented by a new httpclient.Client{} that wraps an underlying client with a queue to limit connections, and limit reader wrapping a response body with a configured maximum size - update pub.HttpClient args passed around to be this new httpclient.Client{} Signed-off-by: kim <grufwub@gmail.com> * add httpclient tests, move ip validation to separate package + change mechanism Signed-off-by: kim <grufwub@gmail.com> * fix merge conflicts Signed-off-by: kim <grufwub@gmail.com> * use singular mutex in transport rather than separate signer mus Signed-off-by: kim <grufwub@gmail.com> * improved useragent string Signed-off-by: kim <grufwub@gmail.com> * add note regarding missing test Signed-off-by: kim <grufwub@gmail.com> * remove useragent field from transport (instead store in controller) Signed-off-by: kim <grufwub@gmail.com> * shutup linter Signed-off-by: kim <grufwub@gmail.com> * reset other signing headers on each loop iteration Signed-off-by: kim <grufwub@gmail.com> * respect request ctx during retry-backoff sleep period Signed-off-by: kim <grufwub@gmail.com> * use external pkg with docs explaining performance "hack" Signed-off-by: kim <grufwub@gmail.com> * use http package constants instead of string method literals Signed-off-by: kim <grufwub@gmail.com> * add license file headers Signed-off-by: kim <grufwub@gmail.com> * update code comment to match new func names Signed-off-by: kim <grufwub@gmail.com> * updates to user-agent string Signed-off-by: kim <grufwub@gmail.com> * update signed testrig models to fit with new transport logic (instead uses separate signer now) Signed-off-by: kim <grufwub@gmail.com> * fuck you linter Signed-off-by: kim <grufwub@gmail.com> 2022-05-15 09:16:43 +00:00			`/*`
			`GoToSocial`
			`Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org`

			`This program is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU Affero General Public License as published by`
			`the Free Software Foundation, either version 3 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU Affero General Public License for more details.`

			`You should have received a copy of the GNU Affero General Public License`
			`along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*/`

			`package httpclient`

			`import (`
			`"net/netip"`
			`"syscall"`

			`"github.com/superseriousbusiness/gotosocial/internal/netutil"`
			`)`

			`type sanitizer struct {`
			`allow []netip.Prefix`
			`block []netip.Prefix`
			`}`

			`// Sanitize implements the required net.Dialer.Control function signature.`
			`func (s *sanitizer) Sanitize(ntwrk, addr string, _ syscall.RawConn) error {`
			`// Parse IP+port from addr`
			`ipport, err := netip.ParseAddrPort(addr)`
			`if err != nil {`
			`return err`
			`}`

			`// Seperate the IP`
			`ip := ipport.Addr()`

			`// Check if this is explicitly allowed`
			`for i := 0; i < len(s.allow); i++ {`
			`if s.allow[i].Contains(ip) {`
			`return nil`
			`}`
			`}`

			`// Now check if explicity blocked`
			`for i := 0; i < len(s.block); i++ {`
			`if s.block[i].Contains(ip) {`
			`return ErrReservedAddr`
			`}`
			`}`

			`// Validate this is a safe IP`
			`if !netutil.ValidateIP(ip) {`
			`return ErrReservedAddr`
			`}`

			`return nil`
			`}`