Merge pull request #52 from helsing-ai/amello/auth-validation
Improve artifactory response validations
asmello authored Sep 15, 2023
2 parents 967c437 + bfedbc2 commit 67b7a61
Showing 1 changed file with 32 additions and 3 deletions.
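--- a/src/registry/artifactory.rs
+++ b/src/registry/artifactory.rs
@@ -22,7 +22,10 @@ impl Artifactory {
 url
 };
 
-let response = reqwest::Client::new()
+let response = reqwest::Client::builder()
+.redirect(reqwest::redirect::Policy::none())
+.build()
+.wrap_err("client error")?
 .get(repositories_uri.clone())
 .header(
 "X-JFrog-Art-Api",
@@ -88,7 +91,10 @@ impl Registry for Artifactory {
 url
 };
 
-let response = reqwest::Client::new()
+let response = reqwest::Client::builder()
+.redirect(reqwest::redirect::Policy::none())
+.build()
+.wrap_err("client error")?
 .get(artifact_uri.clone())
 .header(
 "X-JFrog-Art-Api",
@@ -97,6 +103,21 @@ impl Registry for Artifactory {
 .send()
 .await?;
 
+ensure!(
+response.status() != 302,
+"Remote server attempted to redirect request - is the Artifactory URL valid?"
+);
+
+let headers = response.headers();
+let content_type = headers
+.get(&reqwest::header::CONTENT_TYPE)
+.wrap_err("missing header in response")?;
+
+ensure!(
+content_type == reqwest::header::HeaderValue::from_static("application/x-gzip"),
+"Server response has incorrect mime type: {content_type:?}"
+);
+
 ensure!(
 response.status().is_success(),
 "Failed to fetch {dependency}: {}",
@@ -123,7 +144,10 @@ impl Registry for Artifactory {
 .parse()
 .wrap_err("Failed to construct artifact uri")?;
 
-let response = reqwest::Client::new()
+let response = reqwest::Client::builder()
+.redirect(reqwest::redirect::Policy::none())
+.build()
+.wrap_err("client error")?
 .put(artifact_uri.clone())
 .header(
 "X-JFrog-Art-Api",
@@ -134,6 +158,11 @@ impl Registry for Artifactory {
 .await
 .wrap_err("Failed to upload release to artifactory")?;
 
+ensure!(
+response.status() != 302,
+"Remote server attempted to redirect publish request - is the Artifactory URL valid?"
+);
+
 ensure!(
 response.status().is_success(),
 "Failed to publish {}: {}",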
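Review bot: The redirect guards added to the download and publish paths test only `response.status() != 302`, so with `Policy::none()` a 301, 303, 307 or 308 answer slips past them and is reported by a later check as a mime-type or generic failure; `!response.status().is_redirection()` would cover every 3xx with the intended message. In the download path the content-type `ensure!` also runs before `response.status().is_success()`, so an error response (presumably sent with a non-gzip body, e.g. for a rejected API key) surfaces as "incorrect mime type" instead of the HTTP status; checking the status first keeps the diagnostic accurate. The first hunk disables redirects too, but no 3xx check for it is visible and its function continues outside the hunk, so confirm that path rejects a redirect rather than treating it as a valid answer. A short comment at each builder call, such as `// no redirects: the X-JFrog-Art-Api key must not be replayed to another host`, would record why the policy should not be relaxed later, since a followed redirect would presumably carry that custom header along.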
