Confirm download link if not whitelisted

Author: code-asher

src/main/kotlin/com/coder/gateway/CoderGatewayConnectionProvider.kt

@@ -116,6 +116,10 @@ class CoderGatewayConnectionProvider : GatewayConnectionProvider {
                 throw IllegalArgumentException("One of \"$IDE_PATH_ON_HOST\" or \"$IDE_DOWNLOAD_LINK\" is required")
             }
 
+            // Check that both the domain and the redirected domain are
+            // whitelisted.  If not, check with the user whether to proceed.
+            verifyDownloadLink(parameters, deploymentURL.toURL())
+
             // TODO: Ask for the project path if missing and validate the path.
             val folder = parameters[FOLDER] ?: throw IllegalArgumentException("Query parameter \"$FOLDER\" is missing")
 
@@ -155,6 +159,40 @@ class CoderGatewayConnectionProvider : GatewayConnectionProvider {
         }
     }
 
+    /**
+     * Check that the link is whitelisted.  If not, confirm with the user.
+     */
+    private fun verifyDownloadLink(parameters: Map<String, String>, deploymentURL: URL) {
+        val link = parameters[IDE_DOWNLOAD_LINK]
+        if (link.isNullOrBlank()) {
+            return // Nothing to verify
+        }
+
+        val url = try {
+            link.toURL()
+        } catch (ex: Exception) {
+            throw IllegalArgumentException("$link is not a valid URL")
+        }
+
+        val (whitelisted, https, linkWithRedirect) = CoderRemoteConnectionHandle.isWhitelisted(url, deploymentURL)
+        if (whitelisted && https) {
+            return
+        }
+
+        val comment = if (whitelisted)
+            "The download link is from a non-whitelisted URL. Would you like to proceed?"
+        else if (https) "The download link is not using HTTPS. Would you like to proceed?"
+        else "The download link is from a non-whitelisted URL and is not using HTTPS. Would you like to proceed?"
+
+        if (!CoderRemoteConnectionHandle.confirm(
+                "Confirm download URL",
+                comment,
+                linkWithRedirect,
+            )) {
+            throw IllegalArgumentException("$linkWithRedirect is not whitelisted")
+        }
+    }
+
     override fun isApplicable(parameters: Map<String, String>): Boolean {
         return parameters.areCoderType()
     }

src/main/kotlin/com/coder/gateway/CoderRemoteConnectionHandle.kt

@@ -35,9 +35,11 @@ import kotlinx.coroutines.launch
 import net.schmizz.sshj.common.SSHException
 import net.schmizz.sshj.connection.ConnectionException
 import java.awt.Dimension
+import java.net.HttpURLConnection
 import java.net.URL
 import java.time.Duration
 import java.util.concurrent.TimeoutException
+import javax.net.ssl.SSLHandshakeException
 
 // CoderRemoteConnection uses the provided workspace SSH parameters to launch an
 // IDE against the workspace.  If successful the connection is added to recent
@@ -105,6 +107,33 @@ class CoderRemoteConnectionHandle {
     companion object {
         val logger = Logger.getInstance(CoderRemoteConnectionHandle::class.java.simpleName)
 
+        /**
+         * Generic function to ask for consent.
+         */
+        fun confirm(title: String, comment: String, details: String): Boolean {
+            var inputFromUser = false
+            ApplicationManager.getApplication().invokeAndWait({
+                val panel = panel {
+                    row {
+                        label(comment)
+                    }
+                    row {
+                        label(details)
+                    }
+                }
+                AppIcon.getInstance().requestAttention(null, true)
+                if (!dialog(
+                        title = title,
+                        panel = panel,
+                    ).showAndGet()
+                ) {
+                    return@invokeAndWait
+                }
+                inputFromUser = true
+            }, ModalityState.defaultModalityState())
+            return inputFromUser
+        }
+
         /**
          * Generic function to ask for input.
          */
@@ -209,5 +238,66 @@ class CoderRemoteConnectionHandle {
             }
             return Pair(tokenFromUser, tokenSource)
         }
+
+        /**
+         * Return if the URL is whitelisted, https, and the URL and its final
+         * destination, if it is a different host.
+         */
+        @JvmStatic
+        fun isWhitelisted(url: URL, deploymentURL: URL): Triple<Boolean, Boolean, String> {
+            // TODO: Setting for the whitelist, and remember previously allowed
+            //  domains.
+            val domainWhitelist = listOf("intellij.net", "jetbrains.com", deploymentURL.host)
+
+            // Resolve any redirects.
+            val finalUrl = try {
+                resolveRedirects(url)
+            } catch (e: Exception) {
+                when (e) {
+                    is SSLHandshakeException ->
+                    throw Exception(CoderGatewayBundle.message(
+                        "gateway.connector.view.workspaces.connect.ssl-error",
+                        url.host,
+                        e.message ?: CoderGatewayBundle.message("gateway.connector.view.workspaces.connect.no-reason")
+                    ))
+                    else -> throw e
+                }
+            }
+
+            var linkWithRedirect = url.toString()
+            if (finalUrl.host != url.host) {
+                linkWithRedirect = "$linkWithRedirect (redirects to to $finalUrl)"
+            }
+
+            val whitelisted = domainWhitelist.any { url.host == it || url.host.endsWith(".$it") }
+                    && domainWhitelist.any { finalUrl.host == it || finalUrl.host.endsWith(".$it") }
+            val https = url.protocol == "https" && finalUrl.protocol == "https"
+            return Triple(whitelisted, https, linkWithRedirect)
+        }
+
+        /**
+         * Follow a URL's redirects to its final destination.
+         */
+        @JvmStatic
+        fun resolveRedirects(url: URL): URL {
+            var location = url
+            val maxRedirects = 10
+            for (i in 1..maxRedirects) {
+                val conn = location.openConnection() as HttpURLConnection
+                conn.instanceFollowRedirects = false
+                conn.connect()
+                val code = conn.responseCode
+                val nextLocation = conn.getHeaderField("Location");
+                conn.disconnect()
+                // Redirects are triggered by any code starting with 3 plus a
+                // location header.
+                if (code < 300 || code >= 400 || nextLocation.isNullOrBlank()) {
+                    return location
+                }
+                // Location headers might be relative.
+                location = URL(location, nextLocation)
+            }
+            throw Exception("Too many redirects")
+        }
     }
 }

src/test/groovy/CoderRemoteConnectionHandleTest.groovy

@@ -0,0 +1,71 @@
+package com.coder.gateway
+
+import com.sun.net.httpserver.HttpExchange
+import com.sun.net.httpserver.HttpHandler
+import com.sun.net.httpserver.HttpServer
+import spock.lang.Specification
+import spock.lang.Unroll
+
+@Unroll
+class CoderRemoteConnectionHandleTest extends Specification {
+    /**
+     * Create, start, and return a server that uses the provided handler.
+     */
+    def mockServer(HttpHandler handler) {
+        HttpServer srv = HttpServer.create(new InetSocketAddress(0), 0)
+        srv.createContext("/", handler)
+        srv.start()
+        return [srv, "http://localhost:" + srv.address.port]
+    }
+
+    /**
+     * Create, start, and return a server that mocks redirects.
+     */
+    def mockRedirectServer(String location, Boolean temp) {
+        return mockServer(new HttpHandler() {
+            void handle(HttpExchange exchange) {
+                exchange.responseHeaders.set("Location", location)
+                exchange.sendResponseHeaders(
+                        temp ? HttpURLConnection.HTTP_MOVED_TEMP : HttpURLConnection.HTTP_MOVED_PERM,
+                        -1)
+                exchange.close()
+            }
+        })
+    }
+
+    def "follows redirects"() {
+        given:
+        def (srv1, url1) = mockServer(new HttpHandler() {
+            void handle(HttpExchange exchange) {
+                exchange.close()
+            }
+        })
+        def (srv2, url2) = mockRedirectServer(url1, false)
+        def (srv3, url3) = mockRedirectServer(url2, true)
+
+        when:
+        def resolved = CoderRemoteConnectionHandle.resolveRedirects(new URL(url3))
+
+        then:
+        resolved.toString() == url1
+
+        cleanup:
+        srv1.stop(0)
+        srv2.stop(0)
+        srv3.stop(0)
+    }
+
+    def "follows maximum redirects"() {
+        given:
+        def (srv, url) = mockRedirectServer(".", true)
+
+        when:
+        CoderRemoteConnectionHandle.resolveRedirects(new URL(url))
+
+        then:
+        thrown(Exception)
+
+        cleanup:
+        srv.stop(0)
+    }
+}