From f047aa20597747bc0e9581df7999f5a75904c6c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=99=88=E5=9B=BD=E4=BC=9F?= <366193849@qq.com>
Date: Fri, 18 Jun 2021 10:19:42 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8Dgithub=E9=AA=8C=E8=AF=81?=
 =?UTF-8?q?=E7=9A=84bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../ScanMiddlewares/HttpsScanMiddleware.cs | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/FastGithub.Scanner/ScanMiddlewares/HttpsScanMiddleware.cs b/FastGithub.Scanner/ScanMiddlewares/HttpsScanMiddleware.cs
index 69151a8..f98d5dc 100644
--- a/FastGithub.Scanner/ScanMiddlewares/HttpsScanMiddleware.cs
+++ b/FastGithub.Scanner/ScanMiddlewares/HttpsScanMiddleware.cs
@@ -5,6 +5,7 @@ using System;
 using System.ComponentModel.DataAnnotations;
 using System.Linq;
 using System.Net.Http;
+using System.Net.Http.Headers;
 using System.Threading;
 using System.Threading.Tasks;
@@ -63,7 +64,7 @@ namespace FastGithub.Scanner.ScanMiddlewares
 var timeout = this.options.CurrentValue.Scan.HttpsScanTimeout;
 using var cancellationTokenSource = new CancellationTokenSource(timeout);
 using var response = await httpClient.SendAsync(request, cancellationTokenSource.Token);
- this.VerifyHttpResponse(context.Domain, response);
+ this.VerifyHttpsResponse(context.Domain, response);
 context.Available = true;
 await next();
@@ -86,17 +87,23 @@ namespace FastGithub.Scanner.ScanMiddlewares
 ///
 ///
 ///
- private void VerifyHttpResponse(string domain, HttpResponseMessage response)
+ private void VerifyHttpsResponse(string domain, HttpResponseMessage response)
 {
 response.EnsureSuccessStatusCode();
- if (domain.EndsWith(".github.com"))
+
+ if (domain == "github.com" || domain.EndsWith(".github.com"))
 {
- var server = response.Headers.Server;
- if (server.Any(s => string.Equals("github.com", s.Product?.Name, StringComparison.OrdinalIgnoreCase)) == false)
+ if (response.Headers.Server.Any(item => IsGithubServer(item)) == false)
 {
 throw new ValidationException("伪造的github服务");
 }
 }
+
+ static bool IsGithubServer(ProductInfoHeaderValue headerValue)
+ {
+ var value = headerValue.Product?.Name;
+ return string.Equals("github.com", value, StringComparison.OrdinalIgnoreCase);
+ }
 }
 private string GetInnerMessage(Exception ex)
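Review bot: The domain test in VerifyHttpsResponse is case-sensitive (`==`) and, for `EndsWith`, culture-sensitive, so a host name spelled `GitHub.com` or `Api.GitHub.com` bypasses the Server-header check entirely even though the header comparison itself is ordinal-ignore-case; host names compare case-insensitively, so the condition should read `if (domain.Equals("github.com", StringComparison.OrdinalIgnoreCase) || domain.EndsWith(".github.com", StringComparison.OrdinalIgnoreCase))`. Note also that the Server header is written by whichever endpoint answered the request, so passing this check only shows the peer claims to be GitHub; what actually binds a scanned address to the domain is presumably the certificate validation on the handler behind `httpClient` (outside this hunk), and that should be stated above the check: `// Server header is peer-supplied; the TLS certificate check on the handler is the real binding, this is only a plausibility filter.` A smaller style point: `== false` on the `Any(...)` result reads more naturally as `if (!response.Headers.Server.Any(IsGithubServer))`.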