fix(plugin-server): trackedFetch lookups (#25398)

2024-11-21 21:49:51 +01:00 · 2024-10-04 17:37:03 +02:00 · 2024-10-04 17:37:03 +02:00 · 6e8f035f9a
commit 6e8f035f9a
parent a1e9761b3a
1 changed files with 32 additions and 0 deletions
--- a/plugin-server/src/utils/fetch.ts
+++ b/plugin-server/src/utils/fetch.ts
@ -2,13 +2,38 @@

 import { LookupAddress } from 'dns'
 import dns from 'dns/promises'
+import http from 'http'
+import https from 'https'
 import * as ipaddr from 'ipaddr.js'
+import net from 'node:net'
 import fetch, { type RequestInfo, type RequestInit, type Response, FetchError, Request } from 'node-fetch'
 import { URL } from 'url'

 import { runInSpan } from '../sentry'
 import { isProdEnv } from './env-utils'

+const staticLookup: net.LookupFunction = async (hostname, options, cb) => {
+    let addrinfo: LookupAddress[]
+    try {
+        addrinfo = await dns.lookup(hostname, { all: true })
+    } catch (err) {
+        cb(new Error('Invalid hostname'), '', 4)
+        return
+    }
+    for (const { address } of addrinfo) {
+        // Prevent addressing internal services
+        if (ipaddr.parse(address).range() !== 'unicast') {
+            cb(new Error('Internal hostname'), '', 4)
+            return
+        }
+    }
+    if (addrinfo.length === 0) {
+        cb(new Error(`Unable to resolve ${hostname}`), '', 4)
+        return
+    }
+    cb(null, addrinfo[0].address, addrinfo[0].family)
+}
+
 export async function trackedFetch(url: RequestInfo, init?: RequestInit): Promise<Response> {
    const request = new Request(url, init)
    return await runInSpan(
@ -19,6 +44,13 @@ export async function trackedFetch(url: RequestInfo, init?: RequestInit): Promis
        async () => {
            if (isProdEnv() && !process.env.NODE_ENV?.includes('functional-tests')) {
                await raiseIfUserProvidedUrlUnsafe(request.url)
+                return await fetch(url, {
+                    ...init,
+                    agent: ({ protocol }: URL) =>
+                        protocol === 'http:'
+                            ? new http.Agent({ lookup: staticLookup })
+                            : new https.Agent({ lookup: staticLookup }),
+                })
            }
            return await fetch(url, init)
        }