Homestyx hydra
Diffusion hydra 4f8147dbb8c0

Improve protection against SSRF attacks
4f8147dbb8c0
Actions

Description

Improve protection against SSRF attacks

Summary:
Ref T6755. This improves our resistance to SSRF attacks:

  • Follow redirects manually and verify each component of the redirect chain.
  • Handle authentication provider profile picture fetches more strictly.

Test Plan:

  • Tried to download macros from various URIs which issued redirects, etc.
  • Downloaded an actual macro.
  • Went through external account workflow.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6755

Differential Revision: https://secure.phabricator.com/D12151

Details

Provenance
epriestleyAuthored on Mar 24 2015, 9:49 PM
sirocylPushed on Oct 16 2024, 5:49 AM
Parents
R1:22b2b8eb893a: Fix a bad call in file chunk destruction
Branches
Unknown
Tags
Unknown

Event Timeline

Changes (2)

PathSize
src/
applications/
auth/
provider/
files/
storage/

R1:4f8147dbb8c0

View Options

src/applications/auth/provider/PhabricatorAuthProvider.php

Loading...
View Options

src/applications/files/storage/PhabricatorFile.php

Loading...
styx copyright 2020 sirocyl / ellie (kymkdd) / ncommander / styx contributors
Use of other names and brands is not intended to reflect a claim of, or right to, use the name or brand.
styx is an operating system using the Linux kernel and components, and "styx Linux" as a phrase does not reflect the inclusion of the Linux brand or trademark in the styx project.
Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
Terms and Conditions (TODO: fix this!)