From 94ad69faf2620a520176b672e3c3fe5c4f0b32d6 Mon Sep 17 00:00:00 2001
From: Justin Clark-Casey (justincc)
Date: Thu, 27 Feb 2014 22:58:44 +0000
Subject: Remove long unused UntrustedWebRequest class
This purports to check web requests but doesn't appear to actually do that.
---
OpenSim/Framework/UntrustedWebRequest.cs | 230 -------------------------------
1 file changed, 230 deletions(-)
delete mode 100644 OpenSim/Framework/UntrustedWebRequest.cs
(limited to 'OpenSim')
diff --git a/OpenSim/Framework/UntrustedWebRequest.cs b/OpenSim/Framework/UntrustedWebRequest.cs
deleted file mode 100644
index e6411cc..0000000
--- a/OpenSim/Framework/UntrustedWebRequest.cs
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- * Copyright (c) Contributors, http://opensimulator.org/
- * See CONTRIBUTORS.TXT for a full list of copyright holders.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * * Neither the name of the OpenSimulator Project nor the
- * names of its contributors may be used to endorse or promote products
- * derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-using System;
-using System.Collections.Generic;
-using System.IO;
-using System.Net;
-using System.Net.Security;
-using System.Text;
-using log4net;
-
-namespace OpenSim.Framework
-{
- ///
- /// Used for requests to untrusted endpoints that may potentially be
- /// malicious
- ///
- public static class UntrustedHttpWebRequest
- {
- /// Setting this to true will allow HTTP connections to localhost
- private const bool DEBUG = true;
-
- private static readonly ILog m_log =
- LogManager.GetLogger(
- System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
-
- private static readonly ICollection allowableSchemes = new List { "http", "https" };
-
- ///
- /// Creates an HttpWebRequest that is hardened against malicious
- /// endpoints after ensuring the given Uri is safe to retrieve
- ///
- /// Web location to request
- /// A hardened HttpWebRequest if the uri was determined to be safe
- /// If uri is null
- /// If uri is unsafe
- public static HttpWebRequest Create(Uri uri)
- {
- return Create(uri, DEBUG, 1000 * 5, 1000 * 20, 10);
- }
-
- ///
- /// Creates an HttpWebRequest that is hardened against malicious
- /// endpoints after ensuring the given Uri is safe to retrieve
- ///
- /// Web location to request
- /// True to allow connections to localhost, otherwise false
- /// Read write timeout, in milliseconds
- /// Connection timeout, in milliseconds
- /// Maximum number of allowed redirects
- /// A hardened HttpWebRequest if the uri was determined to be safe
- /// If uri is null
- /// If uri is unsafe
- public static HttpWebRequest Create(Uri uri, bool allowLoopback, int readWriteTimeoutMS, int timeoutMS, int maximumRedirects)
- {
- if (uri == null)
- throw new ArgumentNullException("uri");
-
- if (!IsUriAllowable(uri, allowLoopback))
- throw new ArgumentException("Uri " + uri + " was rejected");
-
- HttpWebRequest httpWebRequest = (HttpWebRequest)HttpWebRequest.Create(uri);
- httpWebRequest.MaximumAutomaticRedirections = maximumRedirects;
- httpWebRequest.ReadWriteTimeout = readWriteTimeoutMS;
- httpWebRequest.Timeout = timeoutMS;
- httpWebRequest.KeepAlive = false;
-
- return httpWebRequest;
- }
-
- public static string PostToUntrustedUrl(Uri url, string data)
- {
- try
- {
- byte[] requestData = System.Text.Encoding.UTF8.GetBytes(data);
-
- HttpWebRequest request = Create(url);
- request.Method = "POST";
- request.ContentLength = requestData.Length;
- request.ContentType = "application/x-www-form-urlencoded";
-
- using (Stream requestStream = request.GetRequestStream())
- requestStream.Write(requestData, 0, requestData.Length);
-
- using (WebResponse response = request.GetResponse())
- {
- using (Stream responseStream = response.GetResponseStream())
- return responseStream.GetStreamString();
- }
- }
- catch (Exception ex)
- {
- m_log.Warn("POST to untrusted URL " + url + " failed: " + ex.Message);
- return null;
- }
- }
-
- public static string GetUntrustedUrl(Uri url)
- {
- try
- {
- HttpWebRequest request = Create(url);
-
- using (WebResponse response = request.GetResponse())
- {
- using (Stream responseStream = response.GetResponseStream())
- return responseStream.GetStreamString();
- }
- }
- catch (Exception ex)
- {
- m_log.Warn("GET from untrusted URL " + url + " failed: " + ex.Message);
- return null;
- }
- }
-
- ///
- /// Determines whether a URI is allowed based on scheme and host name.
- /// No requireSSL check is done here
- ///
- /// True to allow loopback addresses to be used
- /// The URI to test for whether it should be allowed.
- ///
- /// true if [is URI allowable] [the specified URI]; otherwise, false.
- ///
- private static bool IsUriAllowable(Uri uri, bool allowLoopback)
- {
- if (!allowableSchemes.Contains(uri.Scheme))
- {
- m_log.WarnFormat("Rejecting URL {0} because it uses a disallowed scheme.", uri);
- return false;
- }
-
- // Try to interpret the hostname as an IP address so we can test for internal
- // IP address ranges. Note that IP addresses can appear in many forms
- // (e.g. http://127.0.0.1, http://2130706433, http://0x0100007f, http://::1
- // So we convert them to a canonical IPAddress instance, and test for all
- // non-routable IP ranges: 10.*.*.*, 127.*.*.*, ::1
- // Note that Uri.IsLoopback is very unreliable, not catching many of these variants.
- IPAddress hostIPAddress;
- if (IPAddress.TryParse(uri.DnsSafeHost, out hostIPAddress))
- {
- byte[] addressBytes = hostIPAddress.GetAddressBytes();
-
- // The host is actually an IP address.
- switch (hostIPAddress.AddressFamily)
- {
- case System.Net.Sockets.AddressFamily.InterNetwork:
- if (!allowLoopback && (addressBytes[0] == 127 || addressBytes[0] == 10))
- {
- m_log.WarnFormat("Rejecting URL {0} because it is a loopback address.", uri);
- return false;
- }
- break;
- case System.Net.Sockets.AddressFamily.InterNetworkV6:
- if (!allowLoopback && IsIPv6Loopback(hostIPAddress))
- {
- m_log.WarnFormat("Rejecting URL {0} because it is a loopback address.", uri);
- return false;
- }
- break;
- default:
- m_log.WarnFormat("Rejecting URL {0} because it does not use an IPv4 or IPv6 address.", uri);
- return false;
- }
- }
- else
- {
- // The host is given by name. We require names to contain periods to
- // help make sure it's not an internal address.
- if (!allowLoopback && !uri.Host.Contains("."))
- {
- m_log.WarnFormat("Rejecting URL {0} because it does not contain a period in the host name.", uri);
- return false;
- }
- }
-
- return true;
- }
-
- ///
- /// Determines whether an IP address is the IPv6 equivalent of "localhost/127.0.0.1".
- ///
- /// The ip address to check.
- ///
- /// true if this is a loopback IP address; false otherwise.
- ///
- private static bool IsIPv6Loopback(IPAddress ip)
- {
- if (ip == null)
- throw new ArgumentNullException("ip");
-
- byte[] addressBytes = ip.GetAddressBytes();
- for (int i = 0; i < addressBytes.Length - 1; i++)
- {
- if (addressBytes[i] != 0)
- return false;
- }
-
- if (addressBytes[addressBytes.Length - 1] != 1)
- return false;
-
- return true;
- }
- }
-}
--
cgit v1.1