Disable redirects to UNIX sockets (sindresorhus#2047)

Author: szmarczak

source/core/index.ts

@@ -23,6 +23,7 @@ import calculateRetryDelay from './calculate-retry-delay.js';
 import Options, {OptionsError, OptionsInit} from './options.js';
 import {isResponseOk, Response} from './response.js';
 import isClientRequest from './utils/is-client-request.js';
+import isUnixSocketURL from './utils/is-unix-socket-url.js';
 import {
 	RequestError,
 	ReadError,
@@ -727,6 +728,11 @@ export default class Request extends Duplex implements RequestEvents<Request> {
 				const redirectBuffer = Buffer.from(response.headers.location, 'binary').toString();
 				const redirectUrl = new URL(redirectBuffer, url);
 
+				if (!isUnixSocketURL(url as URL) && isUnixSocketURL(redirectUrl)) {
+					this._beforeError(new RequestError('Cannot redirect to UNIX socket', {}, this));
+					return;
+				}
+
 				// Redirecting to a different site, clear sensitive data.
 				if (redirectUrl.hostname !== (url as URL).hostname || redirectUrl.port !== (url as URL).port) {
 					if ('host' in updatedOptions.headers) {

source/core/utils/is-unix-socket-url.ts

@@ -0,0 +1,6 @@
+import {URL} from 'url';
+
+// eslint-disable-next-line @typescript-eslint/naming-convention
+export default function isUnixSocketURL(url: URL) {
+	return url.protocol === 'unix:' || url.hostname === 'unix';
+}

test/redirects.ts

@@ -2,7 +2,7 @@ import {Buffer} from 'buffer';
 import test from 'ava';
 import {Handler} from 'express';
 import nock from 'nock';
-import got, {MaxRedirectsError} from '../source/index.js';
+import got, {MaxRedirectsError, RequestError} from '../source/index.js';
 import withServer, {withHttpsServer} from './helpers/with-server.js';
 
 const reachedHandler: Handler = (_request, response) => {
@@ -28,6 +28,35 @@ const relativeHandler: Handler = (_request, response) => {
 	response.end();
 };
 
+const unixProtocol: Handler = (_request, response) => {
+	response.writeHead(302, {
+		location: 'unix:/var/run/docker.sock:/containers/json',
+	});
+	response.end();
+};
+
+const unixHostname: Handler = (_request, response) => {
+	response.writeHead(302, {
+		location: 'http://unix:/var/run/docker.sock:/containers/json',
+	});
+	response.end();
+};
+
+test('cannot redirect to unix protocol', withServer, async (t, server, got) => {
+	server.get('/protocol', unixProtocol);
+	server.get('/hostname', unixHostname);
+
+	await t.throwsAsync(got('protocol'), {
+		message: 'Cannot redirect to UNIX socket',
+		instanceOf: RequestError,
+	});
+
+	await t.throwsAsync(got('hostname'), {
+		message: 'Cannot redirect to UNIX socket',
+		instanceOf: RequestError,
+	});
+});
+
 test('follows redirect', withServer, async (t, server, got) => {
 	server.get('/', reachedHandler);
 	server.get('/finite', finiteHandler);

test/unix-socket.ts

@@ -9,6 +9,13 @@ const okHandler: Handler = (_request, response) => {
 	response.end('ok');
 };
 
+const redirectHandler: Handler = (_request, response) => {
+	response.writeHead(302, {
+		location: 'foo',
+	});
+	response.end();
+};
+
 if (process.platform !== 'win32') {
 	test('works', withSocketServer, async (t, server) => {
 		server.on('/', okHandler);
@@ -53,4 +60,12 @@ if (process.platform !== 'win32') {
 		const url = format('http://unix:%s:%s', server.socketPath, '/?a=1');
 		t.is((await got(url)).body, 'ok');
 	});
+
+	test('redirects work', withSocketServer, async (t, server) => {
+		server.on('/', redirectHandler);
+		server.on('/foo', okHandler);
+
+		const url = format('http://unix:%s:%s', server.socketPath, '/');
+		t.is((await got(url)).body, 'ok');
+	});
 }