ouczbs/FastGithub
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

修复github验证的bug

Browse Source
This commit is contained in:
陈国伟 2021-06-18 10:19:42 +08:00
parent def69382ba
commit f047aa2059
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
FastGithub.Scanner/ScanMiddlewares/HttpsScanMiddleware.cs
View File

@ -5,6 +5,7 @@ using System;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using System.Linq; using System.Linq;
using System.Net.Http; using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading; using System.Threading;
using System.Threading.Tasks; using System.Threading.Tasks;
@ -63,7 +64,7 @@ namespace FastGithub.Scanner.ScanMiddlewares
var timeout = this.options.CurrentValue.Scan.HttpsScanTimeout; var timeout = this.options.CurrentValue.Scan.HttpsScanTimeout;
using var cancellationTokenSource = new CancellationTokenSource(timeout); using var cancellationTokenSource = new CancellationTokenSource(timeout);
using var response = await httpClient.SendAsync(request, cancellationTokenSource.Token); using var response = await httpClient.SendAsync(request, cancellationTokenSource.Token);
this.VerifyHttpResponse(context.Domain, response); this.VerifyHttpsResponse(context.Domain, response);
context.Available = true; context.Available = true;
await next(); await next();
@ -86,17 +87,23 @@ namespace FastGithub.Scanner.ScanMiddlewares
/// <param name="response"></param> /// <param name="response"></param>
/// <exception cref="HttpRequestException"></exception> /// <exception cref="HttpRequestException"></exception>
/// <exception cref="ValidationException"></exception> /// <exception cref="ValidationException"></exception>
private void VerifyHttpResponse(string domain, HttpResponseMessage response) private void VerifyHttpsResponse(string domain, HttpResponseMessage response)
{ {
response.EnsureSuccessStatusCode(); response.EnsureSuccessStatusCode();
if (domain.EndsWith(".github.com"))
if (domain == "github.com" || domain.EndsWith(".github.com"))
{ {
var server = response.Headers.Server; if (response.Headers.Server.Any(item => IsGithubServer(item)) == false)
if (server.Any(s => string.Equals("github.com", s.Product?.Name, StringComparison.OrdinalIgnoreCase)) == false)
{ {
throw new ValidationException("伪造的github服务"); throw new ValidationException("伪造的github服务");
} }
} }
static bool IsGithubServer(ProductInfoHeaderValue headerValue)
{
var value = headerValue.Product?.Name;
return string.Equals("github.com", value, StringComparison.OrdinalIgnoreCase);
}
} }
private string GetInnerMessage(Exception ex) private string GetInnerMessage(Exception ex)