Giter Club home page Giter Club logo

Comments (2)

cdenneen avatar cdenneen commented on June 26, 2024

puppet-archive/lib/puppet_x/bodeco/util.rb

Lines 86 to 118 in 2f4cb0f

def generate_request(uri)
header = @cookie && { 'Cookie' => @cookie }
request = Net::HTTP::Get.new(uri.request_uri, header)
request.basic_auth(@username, @password) if @username && @password
request
end
def follow_redirect(uri, option = { limit: FOLLOW_LIMIT }, &block)
http_opts = if uri.scheme == 'https'
{ use_ssl: true,
verify_mode: (@insecure ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER) }
else
{ use_ssl: false }
end
Net::HTTP.start(uri.host, uri.port, @proxy_addr, @proxy_port, http_opts) do |http|
http.request(generate_request(uri)) do |response|
case response
when Net::HTTPSuccess
yield response
when Net::HTTPRedirection
limit = option[:limit] - 1
raise Puppet::Error, "Redirect limit exceeded, last url: #{uri}" if limit < 0
location = safe_escape(response['location'])
new_uri = URI(location)
new_uri = URI(uri.to_s + location) if new_uri.relative?
follow_redirect(new_uri, limit: limit, &block)
else
raise Puppet::Error, "HTTP Error Code #{response.code}\nURL: #{uri}\nContent:\n#{response.body}"
end
end
end
end

since generate_request is request.basic_auth(@username, @password) if @username && @password regardless if the initial request or a redirect the username/password is getting passed on to the redirection which leads to potential leak of credentials but larger issue is any redirect to something like an s3 bucket will have a signature in the redirect and can't have additional basic auth or causes the Only one auth mechanism allowed; only the X-Amz-Algorithm query parameter, Signature query string parameter or the Authorization header should be specified error.

from puppet-archive.

cdenneen avatar cdenneen commented on June 26, 2024

I know this code hasn't been touched since initially created by @nanliu so not sure if anyone wants to tackle this.

from puppet-archive.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.