Add command to list available routes #23251

PVince81 · 2020-10-07T08:42:52Z

Can be useful for debugging or for setting up firewalls or gateways.

From owncloud/core#28901 and owncloud/core#28642

Tested manually with occ security:routes and occ security:routes -d

core/Command/Security/ListRoutes.php

lib/private/Route/Router.php

core/Command/Security/ListRoutes.php

nickvergessen

see comments

PVince81 · 2020-10-07T09:22:13Z

thanks. seems this file was quite old already

core/Command/Security/ListRoutes.php

nickvergessen · 2020-10-07T09:29:03Z

It lists /ocsapp/ should we string replace that with /ocs/v{version}.php/?

core/register_command.php

lib/public/Route/IRouter.php

Can be useful for debugging or for setting up firewalls or gateways. Signed-off-by: Vincent Petry <[email protected]> Co-authored-by: Joas Schilling <[email protected]>

Replace "/ocsapp/" with "/ocs/v{version.php}/" in the security:routes output. Signed-off-by: Vincent Petry <[email protected]>

PVince81 · 2020-10-07T12:58:34Z

adjusted and squashed

ChristophWurst · 2020-10-07T14:24:22Z

core/Command/Security/ListRoutes.php

+
+	protected function configure(): void {
+		$this
+			->setName('security:routes')


why is this in security?

mostly because useful to evaluate what routes are available for firewalls/gateways/..., knowing what routes could be accessible

ChristophWurst · 2020-10-07T14:27:01Z

core/register_command.php

@@ -187,6 +187,7 @@
 	$application->add(new OC\Core\Command\Security\ImportCertificate(\OC::$server->getCertificateManager(null)));
 	$application->add(new OC\Core\Command\Security\RemoveCertificate(\OC::$server->getCertificateManager(null)));
 	$application->add(new OC\Core\Command\Security\ResetBruteforceAttempts(\OC::$server->getBruteForceThrottler()));
+	$application->add(\OC::$server->get(OC\Core\Command\Security\ListRoutes::class));


if this is for debugging we should maybe only add it when debud mode is on, no?

same comment as above: an admin can use it to find out what routes are exposed for firewall/gateway/... setup. sometimes there are strict firewalls in place and one needs to know what to add to the "allowed lists"

faily-bot · 2020-10-07T15:41:49Z

🤖 beep boop beep 🤖

Here are the logs for the failed build:

Status of 33801: failure

checkers

Show full log

The autoloaders are not up to date
Please run: bash build/autoloaderchecker.sh
And commit the result

mysql8.0-php7.4

cancelled - typically means that the tests took longer than the drone CI allows them to run

MorrisJobke · 2020-10-12T15:29:48Z

bug: -d option causes an exception for me:

php occ security:routes -d                                                                                                                                                       1 ↵
Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
An unhandled exception has been thrown:
TypeError: preg_match_all() expects parameter 2 to be string, bool given in /Users/morris/Projects/nextcloud/server/core/Command/Security/ListRoutes.php:149
Stack trace:
#0 /Users/morris/Projects/nextcloud/server/core/Command/Security/ListRoutes.php(149): preg_match_all('/@([A-Z]\\w+)/', false, NULL)
#1 /Users/morris/Projects/nextcloud/server/core/Command/Security/ListRoutes.php(76): OC\Core\Command\Security\ListRoutes->buildController('logreader.log.g...')
#2 /Users/morris/Projects/nextcloud/server/apps2/deck/vendor/symfony/console/Command/Command.php(258): OC\Core\Command\Security\ListRoutes->execute(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#3 /Users/morris/Projects/nextcloud/server/core/Command/Base.php(169): Symfony\Component\Console\Command\Command->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#4 /Users/morris/Projects/nextcloud/server/apps2/deck/vendor/symfony/console/Application.php(920): OC\Core\Command\Base->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#5 /Users/morris/Projects/nextcloud/server/apps2/deck/vendor/symfony/console/Application.php(266): Symfony\Component\Console\Application->doRunCommand(Object(OC\Core\Command\Security\ListRoutes), Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#6 /Users/morris/Projects/nextcloud/server/apps2/deck/vendor/symfony/console/Application.php(142): Symfony\Component\Console\Application->doRun(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#7 /Users/morris/Projects/nextcloud/server/lib/private/Console/Application.php(215): Symfony\Component\Console\Application->run(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#8 /Users/morris/Projects/nextcloud/server/console.php(100): OC\Console\Application->run()
#9 /Users/morris/Projects/nextcloud/server/occ(11): require_once('/Users/morris/P...')
#10 {main}%

MorrisJobke · 2021-05-20T10:19:51Z

@PVince81 🏓

PVince81 · 2021-05-20T10:20:58Z

I have the feeling that there is no real use or interest for this feature, so I'll close it

PVince81 added enhancement feature: occ labels Oct 7, 2020

PVince81 added this to the Nextcloud 21 milestone Oct 7, 2020

PVince81 requested review from nickvergessen and MorrisJobke October 7, 2020 08:42

PVince81 self-assigned this Oct 7, 2020

nickvergessen added the 3. to review Waiting for reviews label Oct 7, 2020