Implement option to disable private IP blocking for remote registries (#744)

Author: nick-terry

cmd/thv/app/config.go

@@ -16,6 +16,7 @@ import (
 	rt "github.com/stacklok/toolhive/pkg/container/runtime"
 	"github.com/stacklok/toolhive/pkg/labels"
 	"github.com/stacklok/toolhive/pkg/logger"
+	"github.com/stacklok/toolhive/pkg/networking"
 	"github.com/stacklok/toolhive/pkg/transport"
 )
 
@@ -114,6 +115,10 @@ var unsetRegistryURLCmd = &cobra.Command{
 	RunE:  unsetRegistryURLCmdFunc,
 }
 
+var (
+	allowPrivateRegistryIp bool
+)
+
 func init() {
 	// Add config command to root command
 	rootCmd.AddCommand(configCmd)
@@ -126,8 +131,16 @@ func init() {
 	configCmd.AddCommand(getCACertCmd)
 	configCmd.AddCommand(unsetCACertCmd)
 	configCmd.AddCommand(setRegistryURLCmd)
+	setRegistryURLCmd.Flags().BoolVarP(
+		&allowPrivateRegistryIp,
+		"allow-private-ip",
+		"p",
+		false,
+		"Allow setting the registry URL, even if it references a private IP address",
+	)
 	configCmd.AddCommand(getRegistryURLCmd)
 	configCmd.AddCommand(unsetRegistryURLCmd)
+
 }
 
 func registerClientCmdFunc(cmd *cobra.Command, args []string) error {
@@ -385,15 +398,33 @@ func setRegistryURLCmdFunc(_ *cobra.Command, args []string) error {
 		return fmt.Errorf("registry URL must start with http:// or https://")
 	}
 
+	if !allowPrivateRegistryIp {
+		registryClient := networking.GetHttpClient(false)
+		_, err := registryClient.Get(registryURL)
+		if err != nil && strings.Contains(fmt.Sprint(err), networking.ErrPrivateIpAddress) {
+			return err
+		}
+	}
+
 	// Update the configuration
 	err := config.UpdateConfig(func(c *config.Config) {
 		c.RegistryUrl = registryURL
+		c.AllowPrivateRegistryIp = allowPrivateRegistryIp
 	})
 	if err != nil {
 		return fmt.Errorf("failed to update configuration: %w", err)
 	}
 
 	fmt.Printf("Successfully set registry URL: %s\n", registryURL)
+	if allowPrivateRegistryIp {
+		fmt.Print("Successfully enabled use of private IP addresses for the remote registry\n")
+		fmt.Print("Caution: allowing registry URLs containing private IP addresses may decrease your security.\n" +
+			"Make sure you trust any remote registries you configure with ToolHive.")
+	} else {
+		fmt.Printf("Use of private IP addresses for the remote registry has been disabled" +
+			" as it's not needed for the provided registry.\n")
+	}
+
 	return nil
 }
 

docs/cli/thv_config_set-registry-url.md

@@ -23,10 +23,11 @@ const lockTimeout = 1 * time.Second
 
 // Config represents the configuration of the application.
 type Config struct {
-	Secrets           Secrets `yaml:"secrets"`
-	Clients           Clients `yaml:"clients"`
-	RegistryUrl       string  `yaml:"registry_url"`
-	CACertificatePath string  `yaml:"ca_certificate_path,omitempty"`
+	Secrets                Secrets `yaml:"secrets"`
+	Clients                Clients `yaml:"clients"`
+	RegistryUrl            string  `yaml:"registry_url"`
+	AllowPrivateRegistryIp bool    `yaml:"allow_private_registry_ip"`
+	CACertificatePath      string  `yaml:"ca_certificate_path,omitempty"`
 }
 
 // Secrets contains the settings for secrets management.
@@ -89,7 +90,8 @@ func createNewConfigWithDefaults() Config {
 			ProviderType:   "", // No default provider - user must run setup
 			SetupCompleted: false,
 		},
-		RegistryUrl: "",
+		RegistryUrl:            "",
+		AllowPrivateRegistryIp: false,
 	}
 }
 

pkg/config/config.go

@@ -208,6 +208,48 @@ func TestRegistryURLConfig(t *testing.T) {
 			}
 		})
 	})
+
+	t.Run("TestAllowPrivateRegistryIp", func(t *testing.T) {
+		t.Parallel()
+		tempDir, configPath := SetupTestConfig(t, &Config{
+			Secrets: Secrets{
+				ProviderType: string(secrets.EncryptedType),
+			},
+			Clients: Clients{
+				RegisteredClients: []string{},
+			},
+			RegistryUrl:            "",
+			AllowPrivateRegistryIp: false,
+		})
+
+		// Test enabling
+		err := UpdateConfigAtPath(configPath, func(c *Config) {
+			c.AllowPrivateRegistryIp = true
+		})
+		require.NoError(t, err)
+
+		// Load the config and verify the setting was toggled to true
+		config, err := LoadOrCreateConfigWithPath(configPath)
+		require.NoError(t, err)
+		assert.Equal(t, true, config.AllowPrivateRegistryIp)
+
+		// Test toggling setting to false
+		err = UpdateConfigAtPath(configPath, func(c *Config) {
+			c.AllowPrivateRegistryIp = false
+		})
+		require.NoError(t, err)
+
+		// Load the config and verify the setting was toggled to false
+		config, err = LoadOrCreateConfigWithPath(configPath)
+		require.NoError(t, err)
+		assert.Equal(t, false, config.AllowPrivateRegistryIp)
+
+		t.Cleanup(func() {
+			if err := os.RemoveAll(tempDir); err != nil {
+				t.Logf("Failed to remove temp dir: %v", err)
+			}
+		})
+	})
 }
 
 func TestSecrets_GetProviderType_EnvironmentVariable(t *testing.T) {

pkg/config/config_test.go

@@ -1,7 +1,6 @@
 package networking
 
 import (
-	"errors"
 	"fmt"
 	"net"
 	"net/http"
@@ -15,51 +14,14 @@ var privateIPBlocks []*net.IPNet
 // HttpTimeout is the timeout for outgoing HTTP requests
 const HttpTimeout = 30 * time.Second
 
-func init() {
-	for _, cidr := range []string{
-		"127.0.0.0/8",    // IPv4 loopback
-		"10.0.0.0/8",     // RFC1918
-		"172.16.0.0/12",  // RFC1918
-		"192.168.0.0/16", // RFC1918
-		"169.254.0.0/16", // RFC3927 link-local
-		"::1/128",        // IPv6 loopback
-		"fe80::/10",      // IPv6 link-local
-		"fc00::/7",       // IPv6 unique local addr
-	} {
-		_, block, err := net.ParseCIDR(cidr)
-		if err != nil {
-			panic(fmt.Errorf("parse error on %q: %v", cidr, err))
-		}
-		privateIPBlocks = append(privateIPBlocks, block)
-	}
-}
-
-func isPrivateIP(ip net.IP) bool {
-	if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() {
-		return true
-	}
-	for _, block := range privateIPBlocks {
-		if block.Contains(ip) {
-			return true
-		}
-	}
-	return false
-}
-
 // Dialer control function for validating addresses prior to connection
-func protectedDialerControl(network, address string, _ syscall.RawConn) error {
-
-	fmt.Printf("protectedDialerControl: %s, %s\n", network, address)
+func protectedDialerControl(_, address string, _ syscall.RawConn) error {
 
-	host, _, err := net.SplitHostPort(address)
+	err := AddressReferencesPrivateIp(address)
 	if err != nil {
 		return err
 	}
-	// Check for a private IP address or loopback
-	ip := net.ParseIP(host)
-	if isPrivateIP(ip) {
-		return errors.New("private IP address not allowed")
-	}
+
 	return nil
 }
 
@@ -85,18 +47,23 @@ func (t *ValidatingTransport) RoundTrip(req *http.Request) (*http.Response, erro
 	return t.Transport.RoundTrip(req)
 }
 
-// GetProtectedHttpClient returns a new http client with a protected dialer and URL validation
-func GetProtectedHttpClient() *http.Client {
+// GetHttpClient returns a new http client which uses a protected dialer and URL validation by default
+func GetHttpClient(allowPrivateIp bool) *http.Client {
 
-	protectedTransport := &http.Transport{
-		DialContext: (&net.Dialer{
-			Control: protectedDialerControl,
-		}).DialContext,
+	var transport *http.Transport
+	if !allowPrivateIp {
+		transport = &http.Transport{
+			DialContext: (&net.Dialer{
+				Control: protectedDialerControl,
+			}).DialContext,
+		}
+	} else {
+		transport = &http.Transport{}
 	}
 
 	client := &http.Client{
 		Transport: &ValidatingTransport{
-			Transport: protectedTransport,
+			Transport: transport,
 		},
 		Timeout: HttpTimeout,
 	}

pkg/networking/http_client.go

@@ -0,0 +1,59 @@
+package networking
+
+import (
+	"errors"
+	"fmt"
+	"net"
+)
+
+const (
+	// ErrPrivateIpAddress is the error returned when the provided URL redirects to a private IP address
+	ErrPrivateIpAddress = "the provided registry URL redirects to a private IP address, which is not allowed; " +
+		"to override this, reset the registry URL using the --allow-private-ip (-p) flag"
+)
+
+func init() {
+	for _, cidr := range []string{
+		"127.0.0.0/8",    // IPv4 loopback
+		"10.0.0.0/8",     // RFC1918
+		"172.16.0.0/12",  // RFC1918
+		"192.168.0.0/16", // RFC1918
+		"169.254.0.0/16", // RFC3927 link-local
+		"::1/128",        // IPv6 loopback
+		"fe80::/10",      // IPv6 link-local
+		"fc00::/7",       // IPv6 unique local addr
+	} {
+		_, block, err := net.ParseCIDR(cidr)
+		if err != nil {
+			panic(fmt.Errorf("parse error on %q: %v", cidr, err))
+		}
+		privateIPBlocks = append(privateIPBlocks, block)
+	}
+}
+
+func isPrivateIP(ip net.IP) bool {
+	if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() {
+		return true
+	}
+	for _, block := range privateIPBlocks {
+		if block.Contains(ip) {
+			return true
+		}
+	}
+	return false
+}
+
+// AddressReferencesPrivateIp returns an error if the address references a private IP address
+func AddressReferencesPrivateIp(address string) error {
+	host, _, err := net.SplitHostPort(address)
+	if err != nil {
+		return err
+	}
+	// Check for a private IP address or loopback
+	ip := net.ParseIP(host)
+	if isPrivateIP(ip) {
+		return errors.New(ErrPrivateIpAddress)
+	}
+
+	return nil
+}

pkg/networking/utilities.go

@@ -15,7 +15,7 @@ var (
 // NewRegistryProvider creates a new registry provider based on the configuration
 func NewRegistryProvider(cfg *config.Config) Provider {
 	if cfg != nil && len(cfg.RegistryUrl) > 0 {
-		return NewRemoteRegistryProvider(cfg.RegistryUrl)
+		return NewRemoteRegistryProvider(cfg.RegistryUrl, cfg.AllowPrivateRegistryIp)
 	}
 	return NewEmbeddedRegistryProvider()
 }

pkg/registry/factory.go

@@ -108,7 +108,7 @@ func TestRemoteRegistryProvider(t *testing.T) {
 	t.Parallel()
 	// Note: This test would require a mock HTTP server for full testing
 	// For now, we just test the creation
-	provider := NewRemoteRegistryProvider("https://example.com/registry.json")
+	provider := NewRemoteRegistryProvider("https://example.com/registry.json", false)
 
 	if provider == nil {
 		t.Fatal("NewRemoteRegistryProvider() returned nil")

pkg/registry/provider_test.go

@@ -12,23 +12,25 @@ import (
 
 // RemoteRegistryProvider provides registry data from a remote HTTP endpoint
 type RemoteRegistryProvider struct {
-	registryURL  string
-	registry     *Registry
-	registryOnce sync.Once
-	registryErr  error
+	registryURL    string
+	allowPrivateIp bool
+	registry       *Registry
+	registryOnce   sync.Once
+	registryErr    error
 }
 
 // NewRemoteRegistryProvider creates a new remote registry provider
-func NewRemoteRegistryProvider(registryURL string) *RemoteRegistryProvider {
+func NewRemoteRegistryProvider(registryURL string, allowPrivateIp bool) *RemoteRegistryProvider {
 	return &RemoteRegistryProvider{
-		registryURL: registryURL,
+		registryURL:    registryURL,
+		allowPrivateIp: allowPrivateIp,
 	}
 }
 
 // GetRegistry returns the remote registry data
 func (p *RemoteRegistryProvider) GetRegistry() (*Registry, error) {
 	p.registryOnce.Do(func() {
-		client := networking.GetProtectedHttpClient()
+		client := networking.GetHttpClient(p.allowPrivateIp)
 		resp, err := client.Get(p.registryURL)
 		if err != nil {
 			p.registryErr = fmt.Errorf("failed to fetch registry data from URL %s: %w", p.registryURL, err)