From 5a04c48eb7ad7f1830c0582514dae8c4f12f2a2b Mon Sep 17 00:00:00 2001
From: Alex Tugarev
Date: Fri, 30 Apr 2021 09:44:56 +0000
Subject: [PATCH] [server] improve hostname validation
---
 .../gitpod-protocol/src/util/gitpod-host-url.ts | 10 +++++++---
 .../src/bitbucket/bitbucket-context-parser.spec.ts | 2 +-
 components/server/src/express-util.ts | 11 +++++++++--
 3 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/components/gitpod-protocol/src/util/gitpod-host-url.ts b/components/gitpod-protocol/src/util/gitpod-host-url.ts
index 1527f0570dc848..40b588d3f9cc26 100644
--- a/components/gitpod-protocol/src/util/gitpod-host-url.ts
+++ b/components/gitpod-protocol/src/util/gitpod-host-url.ts
@@ -128,9 +128,13 @@ export class GitpodHostUrl {
 get workspaceId(): string | undefined {
 const hostSegs = this.url.host.split(".");
- if (hostSegs.length > 1 && hostSegs[0].match(workspaceIDRegex)) {
- // URL has a workspace prefix
- return hostSegs[0];
+ if (hostSegs.length > 1) {
+ const matchResults = hostSegs[0].match(workspaceIDRegex);
+ if (matchResults) {
+ // URL has a workspace prefix
+ // port prefixes are excluded
+ return matchResults[0];
+ }
 }
 const pathSegs = this.url.pathname.split("/")
diff --git a/components/server/src/bitbucket/bitbucket-context-parser.spec.ts b/components/server/src/bitbucket/bitbucket-context-parser.spec.ts
index e7e298378c6d1c..8b948b0b4c67d3 100644
--- a/components/server/src/bitbucket/bitbucket-context-parser.spec.ts
+++ b/components/server/src/bitbucket/bitbucket-context-parser.spec.ts
@@ -18,7 +18,7 @@ import { BitbucketTokenHelper } from "./bitbucket-token-handler";
 const expect = chai.expect;
 import { skipIfEnvVarNotSet } from "@gitpod/gitpod-protocol/lib/util/skip-if";
-@suite.only(timeout(10000), skipIfEnvVarNotSet("GITPOD_TEST_TOKEN_BITBUCKET"))
+@suite(timeout(10000), skipIfEnvVarNotSet("GITPOD_TEST_TOKEN_BITBUCKET"))
 class TestBitbucketContextParser {
 protected parser: BitbucketContextParser;
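Review bot: In the `workspaceId` getter of gitpod-host-url.ts, returning `matchResults[0]` means callers now receive whatever part of the first host label the regex matched rather than the label itself, so an id is reported even when the label carries extra characters around it. Whether that tolerance is limited to a port prefix depends on how `workspaceIDRegex` is anchored, which is not visible in this hunk. If only a port prefix is meant to be accepted, I would verify that nothing follows the match and that what precedes it is a port prefix, and extend the comment to something like `// returns the id only; the label may also carry a port prefix, so callers making trust decisions must compare against the full label`. The getter continues past the hunk with the path-segment fallback.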
diff --git a/components/server/src/express-util.ts b/components/server/src/express-util.ts
index 936c29a8f4334a..4f4ab78353921a 100644
--- a/components/server/src/express-util.ts
+++ b/components/server/src/express-util.ts
@@ -9,7 +9,7 @@ import { log } from '@gitpod/gitpod-protocol/lib/util/logging';
 import { URL } from 'url';
 import * as express from 'express';
 import * as crypto from 'crypto';
-import { GitpodHostUrl, workspaceIDRegex } from '@gitpod/gitpod-protocol/lib/util/gitpod-host-url';
+import { GitpodHostUrl } from '@gitpod/gitpod-protocol/lib/util/gitpod-host-url';
 export const pingPong: WsRequestHandler = (ws, req, next) => {
 let pingSentTimer: any;
@@ -91,7 +91,14 @@ const looksLikeWorkspaceHostname = (originHostname: URL, gitpodHostName: string)
 return false;
 }
 const url = new GitpodHostUrl(originHostname);
- return workspaceIDRegex.test(url.workspaceId || '')
+ const workspaceId = url.workspaceId;
+ if (workspaceId) {
+ const hostname = url.url.hostname as string;
+ if (hostname.startsWith(workspaceId)) {
+ return true;
+ }
+ }
+ return false;
 };
 export function saveSession(reqOrSession: express.Request | Express.Session): Promise {
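Review bot: In `looksLikeWorkspaceHostname` (express-util.ts), `hostname.startsWith(workspaceId)` is a bare prefix test, so a first label that merely begins with a workspace id would also pass if `workspaceIDRegex` is not anchored at its end (the regex is defined outside this diff). Since this function classifies an origin hostname, I would pin the match to the label boundary with `if (hostname.startsWith(workspaceId + '.')) {`, or compare `hostname.split('.')[0] === workspaceId`. The `as string` cast on `url.url.hostname` looks unnecessary and could be dropped. The start of the function, including the early `return false` branch, lies outside the hunk.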