Security issue: can proxy any image from any server #9

Open
backrunner opened this issue Sep 23, 2023 · 1 comment

Comments

@backrunner

backrunner commented Sep 23, 2023

The proxy will accept a target URL from the query or the params part of the request, then it will download it even if the image is not coming from a Misskey instance in the federation.
That causes a security issue: as a public proxy server, someone can easily abuse it to proxy something from any server, which might be harmful content, and the abusive behavior can also cause server traffic to be wasted, which can be used to launch malicious attacks on server instances with limited traffic.

Here is a possible solution to this issue:
The Misskey instance knows which origin servers the inbox receives media files from, and it must have an available URL to pull the original media files. The Misskey instance can resolve the domain from the URL of the media files and add them to a whitelist automatically (the whitelist can be saved into the DB, and Redis or something else can be used to notify the proxy that the whitelist should be reloaded); then the proxy can be secured by filtering the URL against the domains in the whitelist.

Alternatively, it is also possible to check the domains of the individual instances within the federation, but this may not be as accurate (some instances may use different CDN domains).

(Actually, just adding a simple signature can also make things better in a low-cost way :D)

@backrunner
Author

backrunner commented Sep 24, 2023

👆 I've just created a sample PR in my fork as a reference; there are still some problems with the changes, but that can help you guys take things further.
