Fix origin validation check

Reviewed By: mweststrate

Differential Revision: D35080146

fbshipit-source-id: 3b8353c23b7c9c2f537801513e518b5b23a11520
This commit is contained in:
Shachar Erez
2022-03-24 09:49:16 -07:00
committed by Facebook GitHub Bot
parent df018ebdcb
commit 04dfc91c51
2 changed files with 14 additions and 3 deletions


@@ -18,6 +18,8 @@ import SecureServerWebSocket, {
} from './SecureServerWebSocket'; } from './SecureServerWebSocket';
import {SecureClientQuery} from './ServerAdapter'; import {SecureClientQuery} from './ServerAdapter';
import {ClientDescription, DeviceOS} from 'flipper-common'; import {ClientDescription, DeviceOS} from 'flipper-common';
import {URL} from 'url';
import {isFBBuild} from '../fb-stubs/constants';
interface BrowserConnectionCtx extends SecureConnectionCtx { interface BrowserConnectionCtx extends SecureConnectionCtx {
clientConnection?: BrowserClientConnection; clientConnection?: BrowserClientConnection;
@@ -147,6 +149,15 @@ class BrowserServerWebSocket extends SecureServerWebSocket {
protected verifyClient(): ws.VerifyClientCallbackSync { protected verifyClient(): ws.VerifyClientCallbackSync {
return (info: {origin: string; req: IncomingMessage; secure: boolean}) => { return (info: {origin: string; req: IncomingMessage; secure: boolean}) => {
if (isFBBuild) {
try {
const urlObj = new URL(info.origin);
if (urlObj.hostname.endsWith('.facebook.com')) {
return true;
}
} catch {}
}
const ok = getFlipperServerConfig().validWebSocketOrigins.some( const ok = getFlipperServerConfig().validWebSocketOrigins.some(
(validPrefix) => info.origin.startsWith(validPrefix), (validPrefix) => info.origin.startsWith(validPrefix),
); );
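Review bot: The `isFBBuild` branch in `verifyClient` accepts an origin on hostname alone, so `http://` origins and every subdomain of facebook.com are admitted without consulting `validWebSocketOrigins`. If only secure pages are meant to connect, tighten the condition to `if (urlObj.protocol === 'https:' && urlObj.hostname.endsWith('.facebook.com'))`, and confirm that the whole subdomain space is the intended trust boundary. The empty `catch {}` would be clearer with a comment such as `// unparsable Origin header: fall through to the allowlist check`. The unchanged fallback still uses `info.origin.startsWith(validPrefix)`, a string-prefix match rather than an origin comparison; the callback's body continues outside the hunk.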


@@ -23,7 +23,7 @@ import {createMockSEListener, WSMessageAccumulator} from './utils';
jest.mock('../../FlipperServerConfig'); jest.mock('../../FlipperServerConfig');
(getFlipperServerConfig as jest.Mock).mockImplementation(() => ({ (getFlipperServerConfig as jest.Mock).mockImplementation(() => ({
validWebSocketOrigins: ['localhost:'], validWebSocketOrigins: ['http://localhost'],
})); }));
describe('BrowserServerWebSocket', () => { describe('BrowserServerWebSocket', () => {
@@ -62,7 +62,7 @@ describe('BrowserServerWebSocket', () => {
const clientReceivedMessages = new WSMessageAccumulator(); const clientReceivedMessages = new WSMessageAccumulator();
wsClient = new WebSocket( wsClient = new WebSocket(
`ws://localhost:${port}?device_id=${deviceId}&device=${device}&app=${app}&os=${os}&sdk_version=${sdkVersion}`, `ws://localhost:${port}?device_id=${deviceId}&device=${device}&app=${app}&os=${os}&sdk_version=${sdkVersion}`,
{origin: 'localhost:'}, {origin: 'http://localhost'},
); );
wsClient.onmessage = ({data}) => clientReceivedMessages.add(data); wsClient.onmessage = ({data}) => clientReceivedMessages.add(data);
await new Promise<void>((resolve, reject) => { await new Promise<void>((resolve, reject) => {
@@ -164,7 +164,7 @@ describe('BrowserServerWebSocket', () => {
const clientReceivedMessages = new WSMessageAccumulator(); const clientReceivedMessages = new WSMessageAccumulator();
wsClient = new WebSocket( wsClient = new WebSocket(
`ws://localhost:${port}?deviceId=${deviceId}&device=${device}`, `ws://localhost:${port}?deviceId=${deviceId}&device=${device}`,
{origin: 'localhost:'}, {origin: 'http://localhost'},
); );
wsClient.onmessage = ({data}) => clientReceivedMessages.add(data); wsClient.onmessage = ({data}) => clientReceivedMessages.add(data);
await new Promise<void>((resolve, reject) => { await new Promise<void>((resolve, reject) => {
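Review bot: The mocked allowlist entry `'http://localhost'` has no port or trailing delimiter, and because `verifyClient` matches with `startsWith`, any origin whose text merely begins with that string would presumably be accepted too. Both updated cases exercise only an accepted origin. A negative case that connects with an origin outside the allowlist and expects the handshake to be refused would pin the behaviour the commit title describes. If the fixture is tightened to `validWebSocketOrigins: ['http://localhost:']`, the two `{origin: ...}` options need a port so they still match.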