
Improve protection against SSRF attacks

Authored by epriestley <git@epriestley.com> on Mar 25 2015, 02:49.

Description

Improve protection against SSRF attacks

Summary:
Ref T6755. This improves our resistance to SSRF attacks:

  • Follow redirects manually and verify each component of the redirect chain.
  • Handle authentication provider profile picture fetches more strictly.

Test Plan:

  • Tried to download macros from various URIs which issued redirects, etc.
  • Downloaded an actual macro.
  • Went through external account workflow.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6755

Differential Revision: https://secure.phabricator.com/D12151
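
The first bullet of the summary (follow redirects manually and verify each hop), sketched as an added example; this is not Phabricator's code and not part of the commit. The function names, the hop limit, and the fake DNS and response tables are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 5  # assumption: hop limit chosen for this example

class BlockedURI(Exception):
    """Raised when any hop in the redirect chain fails validation."""

def default_resolver(host):
    """Return every address the host resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def check_uri(uri, resolve=default_resolver):
    """Reject a URI unless it is http(s) and all of its addresses are public."""
    parts = urlsplit(uri)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise BlockedURI(f"scheme or host not allowed: {uri}")
    for addr in resolve(parts.hostname):
        if not ipaddress.ip_address(addr).is_global:
            raise BlockedURI(f"{parts.hostname} resolves to non-public {addr}")

def fetch_following_redirects(uri, fetch_once, resolve=default_resolver):
    """fetch_once(uri) issues ONE request with automatic redirects disabled
    and returns (status, location_or_None, body); every hop is checked first."""
    for _ in range(MAX_HOPS + 1):
        check_uri(uri, resolve)
        status, location, body = fetch_once(uri)
        if status not in (301, 302, 303, 307, 308) or not location:
            return uri, status, body
        uri = urljoin(uri, location)  # Location may be relative
    raise BlockedURI("too many redirects")

# Constructed sample data: a fake DNS table and fake responses, no network used.
FAKE_DNS = {"img.example.com": {"93.184.216.34"},
            "cdn.example.com": {"93.184.216.35"},
            "internal.example.com": {"10.0.0.5"}}
FAKE_WEB = {"http://img.example.com/a.png": (302, "http://cdn.example.com/a.png", b""),
            "http://cdn.example.com/a.png": (200, None, b"PNG"),
            "http://img.example.com/evil": (302, "http://internal.example.com/admin", b""),
            "http://img.example.com/meta": (302, "http://169.254.169.254/latest/", b"")}

def fake_resolve(host):
    return FAKE_DNS.get(host, {host})  # IP literals resolve to themselves

def fake_fetch(uri):
    return FAKE_WEB[uri]
```

Because the check and the request each resolve the name, a real fetcher should connect to the address that was validated rather than resolving the host a second time.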

Details

Committed: epriestley <git@epriestley.com>, Mar 25 2015, 02:49
Pushed: aubort, Jan 31 2017, 17:16
Parents: rPH22b2b8eb893a: Fix a bad call in file chunk destruction
Branches: Unknown
Tags: Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH4f8147dbb8c0: Improve protection against SSRF attacks (authored by epriestley <git@epriestley.com>). Mar 25 2015, 02:49