Català-Valencià – Catalan中文 – Chinese (Simplified)中文 – Chinese (Traditional)Česky – CzechDansk – DanishNederlands – DutchEnglish – EnglishSuomi – FinnishFrançais – FrenchDeutsch – Germanעברית – Hebrewहिंदी – HindiMagyar – HungarianBahasa Indonesia – IndonesianItaliano – Italian日本語 – Japanese한국어 – KoreanМакедонски – Macedonianमराठी – MarathiNorsk – NorwegianPolski – PolishPortuguês – PortuguesePortuguês – Portuguese (Brazil)Русский – RussianSlovenčina – SlovakSlovenščina – SlovenianEspañol – SpanishSvenska – SwedishTürkçe – TurkishУкраїнська – UkrainianOëzbekcha – Uzbek

opensim-development – Blame information for rev 1

Rev	Author	Line No.	Line
1	eva	1	/*
		2	* Copyright (c) Contributors, http://opensimulator.org/
		3	* See CONTRIBUTORS.TXT for a full list of copyright holders.
		4	*
		5	* Redistribution and use in source and binary forms, with or without
		6	* modification, are permitted provided that the following conditions are met:
		7	* * Redistributions of source code must retain the above copyright
		8	* notice, this list of conditions and the following disclaimer.
		9	* * Redistributions in binary form must reproduce the above copyright
		10	* notice, this list of conditions and the following disclaimer in the
		11	* documentation and/or other materials provided with the distribution.
		12	* * Neither the name of the OpenSimulator Project nor the
		13	* names of its contributors may be used to endorse or promote products
		14	* derived from this software without specific prior written permission.
		15	*
		16	* THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
		17	* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
		18	* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
		19	* DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
		20	* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
		21	* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		22	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
		23	* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
		24	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
		25	* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
		26	*/
		27
		28	using System;
		29	using System.Collections.Generic;
		30	using System.IO;
		31	using System.Net;
		32	using System.Net.Security;
		33	using System.Text;
		34	using log4net;
		35
		36	namespace OpenSim.Framework
		37	{
		38	/// <summary>
		39	/// Used for requests to untrusted endpoints that may potentially be
		40	/// malicious
		41	/// </summary>
		42	public static class UntrustedHttpWebRequest
		43	{
		44	/// <summary>Setting this to true will allow HTTP connections to localhost</summary>
		45	private const bool DEBUG = true;
		46
		47	private static readonly ILog m_log =
		48	LogManager.GetLogger(
		49	System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
		50
		51	private static readonly ICollection<string> allowableSchemes = new List<string> { "http", "https" };
		52
		53	/// <summary>
		54	/// Creates an HttpWebRequest that is hardened against malicious
		55	/// endpoints after ensuring the given Uri is safe to retrieve
		56	/// </summary>
		57	/// <param name="uri">Web location to request</param>
		58	/// <returns>A hardened HttpWebRequest if the uri was determined to be safe</returns>
		59	/// <exception cref="ArgumentNullException">If uri is null</exception>
		60	/// <exception cref="ArgumentException">If uri is unsafe</exception>
		61	public static HttpWebRequest Create(Uri uri)
		62	{
		63	return Create(uri, DEBUG, 1000 * 5, 1000 * 20, 10);
		64	}
		65
		66	/// <summary>
		67	/// Creates an HttpWebRequest that is hardened against malicious
		68	/// endpoints after ensuring the given Uri is safe to retrieve
		69	/// </summary>
		70	/// <param name="uri">Web location to request</param>
		71	/// <param name="allowLoopback">True to allow connections to localhost, otherwise false</param>
		72	/// <param name="readWriteTimeoutMS">Read write timeout, in milliseconds</param>
		73	/// <param name="timeoutMS">Connection timeout, in milliseconds</param>
		74	/// <param name="maximumRedirects">Maximum number of allowed redirects</param>
		75	/// <returns>A hardened HttpWebRequest if the uri was determined to be safe</returns>
		76	/// <exception cref="ArgumentNullException">If uri is null</exception>
		77	/// <exception cref="ArgumentException">If uri is unsafe</exception>
		78	public static HttpWebRequest Create(Uri uri, bool allowLoopback, int readWriteTimeoutMS, int timeoutMS, int maximumRedirects)
		79	{
		80	if (uri == null)
		81	throw new ArgumentNullException("uri");
		82
		83	if (!IsUriAllowable(uri, allowLoopback))
		84	throw new ArgumentException("Uri " + uri + " was rejected");
		85
		86	HttpWebRequest httpWebRequest = (HttpWebRequest)HttpWebRequest.Create(uri);
		87	httpWebRequest.MaximumAutomaticRedirections = maximumRedirects;
		88	httpWebRequest.ReadWriteTimeout = readWriteTimeoutMS;
		89	httpWebRequest.Timeout = timeoutMS;
		90	httpWebRequest.KeepAlive = false;
		91
		92	return httpWebRequest;
		93	}
		94
		95	public static string PostToUntrustedUrl(Uri url, string data)
		96	{
		97	try
		98	{
		99	byte[] requestData = System.Text.Encoding.UTF8.GetBytes(data);
		100
		101	HttpWebRequest request = Create(url);
		102	request.Method = "POST";
		103	request.ContentLength = requestData.Length;
		104	request.ContentType = "application/x-www-form-urlencoded";
		105
		106	using (Stream requestStream = request.GetRequestStream())
		107	requestStream.Write(requestData, 0, requestData.Length);
		108
		109	using (WebResponse response = request.GetResponse())
		110	{
		111	using (Stream responseStream = response.GetResponseStream())
		112	return responseStream.GetStreamString();
		113	}
		114	}
		115	catch (Exception ex)
		116	{
		117	m_log.Warn("POST to untrusted URL " + url + " failed: " + ex.Message);
		118	return null;
		119	}
		120	}
		121
		122	public static string GetUntrustedUrl(Uri url)
		123	{
		124	try
		125	{
		126	HttpWebRequest request = Create(url);
		127
		128	using (WebResponse response = request.GetResponse())
		129	{
		130	using (Stream responseStream = response.GetResponseStream())
		131	return responseStream.GetStreamString();
		132	}
		133	}
		134	catch (Exception ex)
		135	{
		136	m_log.Warn("GET from untrusted URL " + url + " failed: " + ex.Message);
		137	return null;
		138	}
		139	}
		140
		141	/// <summary>
		142	/// Determines whether a URI is allowed based on scheme and host name.
		143	/// No requireSSL check is done here
		144	/// </summary>
		145	/// <param name="allowLoopback">True to allow loopback addresses to be used</param>
		146	/// <param name="uri">The URI to test for whether it should be allowed.</param>
		147	/// <returns>
		148	/// <c>true</c> if [is URI allowable] [the specified URI]; otherwise, <c>false</c>.
		149	/// </returns>
		150	private static bool IsUriAllowable(Uri uri, bool allowLoopback)
		151	{
		152	if (!allowableSchemes.Contains(uri.Scheme))
		153	{
		154	m_log.WarnFormat("Rejecting URL {0} because it uses a disallowed scheme.", uri);
		155	return false;
		156	}
		157
		158	// Try to interpret the hostname as an IP address so we can test for internal
		159	// IP address ranges. Note that IP addresses can appear in many forms
		160	// (e.g. http://127.0.0.1, http://2130706433, http://0x0100007f, http://::1
		161	// So we convert them to a canonical IPAddress instance, and test for all
		162	// non-routable IP ranges: 10.*.*.*, 127.*.*.*, ::1
		163	// Note that Uri.IsLoopback is very unreliable, not catching many of these variants.
		164	IPAddress hostIPAddress;
		165	if (IPAddress.TryParse(uri.DnsSafeHost, out hostIPAddress))
		166	{
		167	byte[] addressBytes = hostIPAddress.GetAddressBytes();
		168
		169	// The host is actually an IP address.
		170	switch (hostIPAddress.AddressFamily)
		171	{
		172	case System.Net.Sockets.AddressFamily.InterNetwork:
		173	if (!allowLoopback && (addressBytes[0] == 127 || addressBytes[0] == 10))
		174	{
		175	m_log.WarnFormat("Rejecting URL {0} because it is a loopback address.", uri);
		176	return false;
		177	}
		178	break;
		179	case System.Net.Sockets.AddressFamily.InterNetworkV6:
		180	if (!allowLoopback && IsIPv6Loopback(hostIPAddress))
		181	{
		182	m_log.WarnFormat("Rejecting URL {0} because it is a loopback address.", uri);
		183	return false;
		184	}
		185	break;
		186	default:
		187	m_log.WarnFormat("Rejecting URL {0} because it does not use an IPv4 or IPv6 address.", uri);
		188	return false;
		189	}
		190	}
		191	else
		192	{
		193	// The host is given by name. We require names to contain periods to
		194	// help make sure it's not an internal address.
		195	if (!allowLoopback && !uri.Host.Contains("."))
		196	{
		197	m_log.WarnFormat("Rejecting URL {0} because it does not contain a period in the host name.", uri);
		198	return false;
		199	}
		200	}
		201
		202	return true;
		203	}
		204
		205	/// <summary>
		206	/// Determines whether an IP address is the IPv6 equivalent of "localhost/127.0.0.1".
		207	/// </summary>
		208	/// <param name="ip">The ip address to check.</param>
		209	/// <returns>
		210	/// <c>true</c> if this is a loopback IP address; <c>false</c> otherwise.
		211	/// </returns>
		212	private static bool IsIPv6Loopback(IPAddress ip)
		213	{
		214	if (ip == null)
		215	throw new ArgumentNullException("ip");
		216
		217	byte[] addressBytes = ip.GetAddressBytes();
		218	for (int i = 0; i < addressBytes.Length - 1; i++)
		219	{
		220	if (addressBytes[i] != 0)
		221	return false;
		222	}
		223
		224	if (addressBytes[addressBytes.Length - 1] != 1)
		225	return false;
		226
		227	return true;
		228	}
		229	}
		230	}

Powered by WebSVN 2.7.0 and Apache Subversion 1.14.2     ✓ XHTML & CSS