commit: 843fcca5b4d022e4c088d4a60839b4a286500148
parent 506a1c98e716754455387be9ace3ad7aec9c47a3
Author: Mark Felder <feld@feld.me>
Date: Mon, 29 May 2023 13:59:51 -0400
Validate Host header matches expected value before allowing access to MediaProxy
Diffstat:
2 files changed, 29 insertions(+), 0 deletions(-)
diff --git a/lib/pleroma/web/media_proxy/media_proxy_controller.ex b/lib/pleroma/web/media_proxy/media_proxy_controller.ex
@@ -12,6 +12,7 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do
alias Pleroma.Web.MediaProxy
alias Plug.Conn
+ plug(:validate_host)
plug(:sandbox)
def remote(conn, %{"sig" => sig64, "url" => url64}) do
@@ -205,6 +206,17 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyController do
Config.get([:media_proxy, :proxy_opts], [])
end
+ defp validate_host(conn, _params) do
+ proxy_host = MediaProxy.base_url() |> URI.parse() |> Map.get(:host)
+
+ if match?(^proxy_host, conn.host) do
+ conn
+ else
+ send_resp(conn, 400, Conn.Status.reason_phrase(400))
+ |> halt()
+ end
+ end
+
defp sandbox(conn, _params) do
conn
|> merge_resp_headers([{"content-security-policy", "sandbox;"}])
diff --git a/test/pleroma/web/media_proxy/media_proxy_controller_test.exs b/test/pleroma/web/media_proxy/media_proxy_controller_test.exs
@@ -54,6 +54,23 @@ defmodule Pleroma.Web.MediaProxy.MediaProxyControllerTest do
} = get(conn, "/proxy/hhgfh/eeee/fff")
end
+ test "it returns a 400 for invalid host", %{conn: conn} do
+ clear_config([:media_proxy, :base_url], "http://mp.localhost/")
+
+ url =
+ MediaProxy.encode_url("https://pleroma.social/logo.jpeg")
+ |> URI.parse()
+ |> Map.put(:host, "wronghost")
+ |> URI.to_string()
+
+ with_mock Pleroma.ReverseProxy,
+ call: fn _conn, _url, _opts -> %Conn{status: :success} end do
+ %{status: status} = get(conn, url)
+
+ assert status == 400
+ end
+ end
+
test "redirects to valid url when filename is invalidated", %{conn: conn, url: url} do
invalid_url = String.replace(url, "test.png", "test-file.png")
response = get(conn, invalid_url)
