Deny unallowed hosts

Signed-off-by: Ryan Levick <[email protected]>

Author: rylev

Cargo.lock

@@ -111,14 +111,14 @@ members = ["crates/*", "sdk/rust", "sdk/rust/macro"]
 [workspace.dependencies]
 anyhow = "1.0.75"
 tracing = { version = "0.1", features = ["log"] }
-wasmtime-wasi = { git = "https://github.com/bytecodealliance/wasmtime", rev = "2ffbc36c377b98e4eabe89ae37bb334605d904cc", features = [
+wasmtime-wasi = { git = "https://github.com/bytecodealliance/wasmtime", rev = "2da78ca5c4c1e5a8cbc88a8ad3accf24bb4e6cfb", features = [
   "tokio",
 ] }
-wasi-common-preview1 = { git = "https://github.com/bytecodealliance/wasmtime", rev = "2ffbc36c377b98e4eabe89ae37bb334605d904cc", package = "wasi-common" }
-wasmtime = { git = "https://github.com/bytecodealliance/wasmtime", rev = "2ffbc36c377b98e4eabe89ae37bb334605d904cc", features = [
+wasi-common-preview1 = { git = "https://github.com/bytecodealliance/wasmtime", rev = "2da78ca5c4c1e5a8cbc88a8ad3accf24bb4e6cfb", package = "wasi-common" }
+wasmtime = { git = "https://github.com/bytecodealliance/wasmtime", rev = "2da78ca5c4c1e5a8cbc88a8ad3accf24bb4e6cfb", features = [
   "component-model",
 ] }
-wasmtime-wasi-http = { git = "https://github.com/bytecodealliance/wasmtime", rev = "2ffbc36c377b98e4eabe89ae37bb334605d904cc" }
+wasmtime-wasi-http = { git = "https://github.com/bytecodealliance/wasmtime", rev = "2da78ca5c4c1e5a8cbc88a8ad3accf24bb4e6cfb" }
 spin-componentize = { git = "https://github.com/fermyon/spin-componentize", rev = "191789170abde10cd55590466c0660dd6c7d472a" }
 hyper = { version = "=1.0.0-rc.3", features = ["full"] }
 http-body-util = "=0.1.0-rc.2"

Cargo.toml

@@ -178,6 +178,9 @@ fn test_config() -> Config {
 fn test_engine() -> Engine<()> {
     let mut builder = Engine::builder(&test_config()).unwrap();
     builder.add_host_component(MultiplierHostComponent).unwrap();
+    builder
+        .link_import(|l, _| wasmtime_wasi::preview2::command::add_to_linker(l))
+        .unwrap();
     builder.build()
 }
 

crates/core/tests/integration_test.rs

@@ -20,14 +20,14 @@ impl Default for AllowedHttpHosts {
 
 impl AllowedHttpHosts {
     /// Tests whether the given URL is allowed according to the allow-list.
-    pub fn allow(&self, url: &url::Url) -> bool {
+    pub fn allows(&self, url: &url::Url) -> bool {
         match self {
             Self::AllowAll => true,
             Self::AllowSpecific(hosts) => hosts.iter().any(|h| h.allow(url)),
         }
     }
 
-    pub fn allow_relative_url(&self) -> bool {
+    pub fn allows_relative_url(&self) -> bool {
         match self {
             Self::AllowAll => true,
             Self::AllowSpecific(hosts) => hosts.contains(&AllowedHttpHost::host("self")),
@@ -295,21 +295,21 @@ mod test {
     fn test_allowed_hosts_can_be_specific() {
         let allowed =
             parse_allowed_http_hosts(&["spin.fermyon.dev", "http://example.com:8383"]).unwrap();
-        assert!(allowed.allow(&Url::parse("http://example.com:8383/foo/bar").unwrap()));
-        assert!(allowed.allow(&Url::parse("https://spin.fermyon.dev/").unwrap()));
-        assert!(!allowed.allow(&Url::parse("http://example.com/").unwrap()));
-        assert!(!allowed.allow(&Url::parse("http://google.com/").unwrap()));
+        assert!(allowed.allows(&Url::parse("http://example.com:8383/foo/bar").unwrap()));
+        assert!(allowed.allows(&Url::parse("https://spin.fermyon.dev/").unwrap()));
+        assert!(!allowed.allows(&Url::parse("http://example.com/").unwrap()));
+        assert!(!allowed.allows(&Url::parse("http://google.com/").unwrap()));
     }
 
     #[test]
     fn test_allowed_hosts_allow_relative_url() {
         let allowed = parse_allowed_http_hosts(&["self", "http://example.com:8383"]).unwrap();
-        assert!(allowed.allow_relative_url());
+        assert!(allowed.allows_relative_url());
 
         let not_allowed = parse_allowed_http_hosts(&["http://example.com:8383"]).unwrap();
-        assert!(!not_allowed.allow_relative_url());
+        assert!(!not_allowed.allows_relative_url());
 
         let allow_all = parse_allowed_http_hosts(&["insecure:allow-all"]).unwrap();
-        assert!(allow_all.allow_relative_url());
+        assert!(allow_all.allows_relative_url());
     }
 }

crates/outbound-http/src/allowed_http_hosts.rs

@@ -28,11 +28,11 @@ impl OutboundHttp {
     /// If `None` is passed, the guest module is not allowed to send the request.
     fn is_allowed(&mut self, url: &str) -> Result<bool, HttpError> {
         if url.starts_with('/') {
-            return Ok(self.allowed_hosts.allow_relative_url());
+            return Ok(self.allowed_hosts.allows_relative_url());
         }
 
         let url = Url::parse(url).map_err(|_| HttpError::InvalidUrl)?;
-        Ok(self.allowed_hosts.allow(&url))
+        Ok(self.allowed_hosts.allows(&url))
     }
 }
 

crates/outbound-http/src/host_impl.rs

@@ -35,6 +35,7 @@ tls-listener = { version = "0.4.0", features = [
 ] }
 tokio = { version = "1.23", features = ["full"] }
 tokio-rustls = { version = "0.23.2" }
+url = "2.4.1"
 tracing = { workspace = true }
 wasmtime = { workspace = true }
 wasmtime-wasi = { workspace = true }

crates/trigger-http/Cargo.toml

@@ -3,6 +3,7 @@ use std::{net::SocketAddr, str, str::FromStr};
 use crate::{Body, HttpExecutor, HttpTrigger, Store};
 use anyhow::bail;
 use anyhow::{anyhow, Context, Result};
+use http::{HeaderName, HeaderValue};
 use http_body_util::BodyExt;
 use hyper::{Request, Response};
 use outbound_http::OutboundHttpComponent;
@@ -42,7 +43,7 @@ impl HttpExecutor for HttpHandlerExecutor {
         set_http_origin_from_request(&mut store, engine, &req);
 
         let resp = match HandlerType::from_exports(instance.exports(&mut store)) {
-            Some(HandlerType::Wasi) => Self::execute_wasi(store, instance, req).await?,
+            Some(HandlerType::Wasi) => Self::execute_wasi(store, instance, base, raw_route, req, client_addr).await?,
             Some(HandlerType::Spin) => {
                 Self::execute_spin(store, instance, base, raw_route, req, client_addr)
                     .await
@@ -68,11 +69,7 @@ impl HttpHandlerExecutor {
         req: Request<Body>,
         client_addr: SocketAddr,
     ) -> Result<Response<Body>> {
-        let headers;
-        let mut req = req;
-        {
-            headers = Self::headers(&mut req, raw_route, base, client_addr)?;
-        }
+        let headers = Self::headers(&req, raw_route, base, client_addr)?;
         let func = instance
             .exports(&mut store)
             .instance("fermyon:spin/inbound-http")
@@ -147,8 +144,23 @@ impl HttpHandlerExecutor {
     async fn execute_wasi(
         mut store: Store,
         instance: Instance,
-        req: Request<Body>,
+        base: &str,
+        raw_route: &str,
+        mut req: Request<Body>,
+        client_addr: SocketAddr,
     ) -> anyhow::Result<Response<Body>> {
+        let headers = Self::headers(&req, raw_route, base, client_addr)?;
+        req.headers_mut().clear();
+        req.headers_mut()
+            .extend(headers.into_iter().filter_map(|(n, v)| {
+                let Ok(name) = n.parse::<HeaderName>() else {
+                    return None;
+                };
+                let Ok(value) = HeaderValue::from_bytes(v.as_bytes()) else {
+                    return None;
+                };
+                Some((name, value))
+            }));
         let request = store.as_mut().data_mut().new_incoming_request(req)?;
 
         let (response_tx, response_rx) = oneshot::channel();
@@ -190,7 +202,7 @@ impl HttpHandlerExecutor {
     }
 
     fn headers(
-        req: &mut Request<Body>,
+        req: &Request<Body>,
         raw: &str,
         base: &str,
         client_addr: SocketAddr,
@@ -280,6 +292,8 @@ fn set_http_origin_from_request(
                     .get_or_insert(outbound_http_handle);
 
                 outbound_http_data.origin = origin.clone();
+                store.as_mut().data_mut().as_mut().allowed_hosts =
+                    outbound_http_data.allowed_hosts.clone();
             }
             store.as_mut().data_mut().as_mut().origin = Some(origin);
         }

crates/trigger-http/src/handler.rs

@@ -22,6 +22,7 @@ use hyper::{
     service::service_fn,
     Request, Response,
 };
+use outbound_http::allowed_http_hosts::AllowedHttpHosts;
 use spin_app::{AppComponent, APP_DESCRIPTION_KEY};
 use spin_core::{Engine, OutboundWasiHttpHandler};
 use spin_http::{
@@ -446,6 +447,7 @@ pub(crate) trait HttpExecutor: Clone + Send + Sync + 'static {
 #[derive(Default)]
 pub struct HttpRuntimeData {
     origin: Option<String>,
+    allowed_hosts: AllowedHttpHosts,
 }
 
 impl OutboundWasiHttpHandler for HttpRuntimeData {
@@ -458,6 +460,7 @@ impl OutboundWasiHttpHandler for HttpRuntimeData {
     where
         Self: Sized,
     {
+        let this = data.as_ref();
         let is_relative_url = request
             .request
             .uri()
@@ -466,7 +469,7 @@ impl OutboundWasiHttpHandler for HttpRuntimeData {
             .unwrap_or_default();
         if is_relative_url {
             // Origin must be set in the incoming http handler
-            let origin = data.as_ref().origin.clone().unwrap();
+            let origin = this.origin.clone().unwrap();
             let path_and_query = request
                 .request
                 .uri()
@@ -487,6 +490,28 @@ impl OutboundWasiHttpHandler for HttpRuntimeData {
             *request.request.uri_mut() = uri;
         }
 
+        let unallowed_relative = is_relative_url && !this.allowed_hosts.allows_relative_url();
+        let unallowed_absolute = !is_relative_url
+            && !this
+                .allowed_hosts
+                .allows(&url::Url::parse(&request.request.uri().to_string()).unwrap());
+        if unallowed_relative || unallowed_absolute {
+            tracing::log::error!("Destination not allowed: {}", request.request.uri());
+            let host = if unallowed_absolute {
+                // Safe to unwrap because absolute urls have a host by definition.
+                let host = request.request.uri().authority().map(|a| a.host()).unwrap();
+                terminal::warn!(
+                    "A component tried to make a HTTP request to non-allowed host '{host}'."
+                );
+                host
+            } else {
+                terminal::warn!("A component tried to make a HTTP request to the same component but it does not have permission.");
+                "self"
+            };
+            eprintln!("To allow requests, add 'allowed_http_hosts = [\"{}\"]' to the manifest component section.", host);
+            anyhow::bail!("destination-not-allowed (error 1)")
+        }
+
         wasmtime_wasi_http::types::default_send_request(data, request)
     }
 }