Почетна Преглед Помоћ
Пријавите се
RISCI_ATOM
/
nextcloud-server
огледало од https://github.com/nextcloud/server.git
1
0
Креирај огранак 0
Датотеке Дискусије 23 Вики
Дрво: da2e3751ab
Гране Ознаке
nextcloud-serve...
/
lib
/
private
/
Security
/
RemoteHostValidator.php

RemoteHostValidator.php 2.3 KB
Историја Датотека

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 
  1. <?php
    2. 

  2. 

  3. declare(strict_types=1);
    4. 

  4. 

  5. /*
    6. 

  6.  * @copyright 2022 Christoph Wurst <christoph@winzerhof-wurst.at>
    7. 

  7.  *
    8. 

  8.  * @author 2022 Christoph Wurst <christoph@winzerhof-wurst.at>
    9. 

  9.  *
    10. 

  10.  * @license GNU AGPL version 3 or any later version
    11. 

  11.  *
    12. 

  12.  * This program is free software: you can redistribute it and/or modify
    13. 

  13.  * it under the terms of the GNU Affero General Public License as
    14. 

  14.  * published by the Free Software Foundation, either version 3 of the
    15. 

  15.  * License, or (at your option) any later version.
    16. 

  16.  *
    17. 

  17.  * This program is distributed in the hope that it will be useful,
    18. 

  18.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    19. 

  19.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    20. 

  20.  * GNU Affero General Public License for more details.
    21. 

  21.  *
    22. 

  22.  * You should have received a copy of the GNU Affero General Public License
    23. 

  23.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    24. 

  24.  */
    25. 

  25. 

  26. namespace OC\Security;
    27. 

  27. 

  28. use OC\Net\HostnameClassifier;
    29. 

  29. use OC\Net\IpAddressClassifier;
    30. 

  30. use OCP\IConfig;
    31. 

  31. use OCP\Security\IRemoteHostValidator;
    32. 

  32. use Psr\Log\LoggerInterface;
    33. 

  33. use function strpos;
    34. 

  34. use function strtolower;
    35. 

  35. use function substr;
    36. 

  36. use function urldecode;
    37. 

  37. 

  38. /**
    39. 

  39.  * @internal
    40. 

  40.  */
    41. 

  41. final class RemoteHostValidator implements IRemoteHostValidator {
    42. 

  42. 	private IConfig $config;
    43. 

  43. 	private HostnameClassifier $hostnameClassifier;
    44. 

  44. 	private IpAddressClassifier $ipAddressClassifier;
    45. 

  45. 	private LoggerInterface $logger;
    46. 

  46. 

  47. 	public function __construct(IConfig $config,
    48. 

  48. 								HostnameClassifier $hostnameClassifier,
    49. 

  49. 								IpAddressClassifier $ipAddressClassifier,
    50. 

  50. 								LoggerInterface $logger) {
    51. 

  51. 		$this->config = $config;
    52. 

  52. 		$this->hostnameClassifier = $hostnameClassifier;
    53. 

  53. 		$this->ipAddressClassifier = $ipAddressClassifier;
    54. 

  54. 		$this->logger = $logger;
    55. 

  55. 	}
    56. 

  56. 

  57. 	public function isValid(string $host): bool {
    58. 

  58. 		if ($this->config->getSystemValueBool('allow_local_remote_servers', false)) {
    59. 

  59. 			return true;
    60. 

  60. 		}
    61. 

  61. 

  62. 		$host = idn_to_utf8(strtolower(urldecode($host)));
    63. 

  63. 		if ($host === false) {
    64. 

  64. 			return false;
    65. 

  65. 		}
    66. 

  66. 

  67. 		// Remove brackets from IPv6 addresses
    68. 

  68. 		if (strpos($host, '[') === 0 && substr($host, -1) === ']') {
    69. 

  69. 			$host = substr($host, 1, -1);
    70. 

  70. 		}
    71. 

  71. 

  72. 		if ($this->hostnameClassifier->isLocalHostname($host)
    73. 

  73. 			|| $this->ipAddressClassifier->isLocalAddress($host)) {
    74. 

  74. 			$this->logger->warning("Host $host was not connected to because it violates local access rules");
    75. 

  75. 			return false;
    76. 

  76. 		}
    77. 

  77. 

  78. 		return true;
    79. 

  79. 	}
    80. 

  80. }
    81.