Page MenuHomePhabricator
Differential D12151

Improve protection against SSRF attacks
ClosedPublic
Actions

Authored by epriestley on Mar 25 2015, 12:49 AM.
Tags
None
Referenced Files
F18853878: D12151.id.diff
Fri, Oct 31, 8:14 PM
F18850525: D12151.diff
Thu, Oct 30, 5:37 PM
F18843876: D12151.diff
Wed, Oct 29, 1:35 AM
F18829342: D12151.diff
Fri, Oct 24, 9:18 PM
F18812326: D12151.id29209.diff
Mon, Oct 20, 8:37 AM
F18701115: D12151.diff
Sep 27 2025, 5:28 PM
F18697124: D12151.diff
Sep 27 2025, 8:54 AM
F18600543: D12151.diff
Sep 13 2025, 9:59 AM
View All Files
Subscribers
epriestley

Details

Reviewers
btrahan
Maniphest Tasks
T6755: Allow more granular configuration of `security.allow-outbound-http`
Commits
Restricted Diffusion Commit
rP4f8147dbb8c0: Improve protection against SSRF attacks
Summary

Ref T6755. This improves our resistance to SSRF attacks:

  • Follow redirects manually and verify each component of the redirect chain.
  • Handle authentication provider profile picture fetches more strictly.
Test Plan
  • Tried to download macros from various URIs which issued redirects, etc.
  • Downloaded an actual macro.
  • Went through external account workflow.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley updated this revision to Diff 29209.Mar 25 2015, 12:49 AM
epriestley retitled this revision from to Improve protection against SSRF attacks.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: btrahan.
epriestley added a task: T6755: Allow more granular configuration of `security.allow-outbound-http`.
Herald added a subscriber: epriestley. · View Herald TranscriptMar 25 2015, 12:49 AM
epriestley mentioned this in T6755: Allow more granular configuration of `security.allow-outbound-http`.Mar 25 2015, 12:59 AM
btrahan accepted this revision.Mar 25 2015, 1:37 AM
btrahan edited edge metadata.
This revision is now accepted and ready to land.Mar 25 2015, 1:37 AM
Closed by commit rP4f8147dbb8c0: Improve protection against SSRF attacks (authored by epriestley, committed by epriestley). · Explain WhyMar 25 2015, 1:49 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
src/
applications/
auth/
provider/
14 lines
files/
storage/
97 lines

Diff 29213

View Options

src/applications/auth/provider/PhabricatorAuthProvider.php

Loading...
View Options

src/applications/files/storage/PhabricatorFile.php

Loading...
Phabricator · Built by Phacility