[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For

2016-05-02 14:34:55 +02:00 · 2016-05-02 14:34:55 +02:00 · db841018dc
parent 1f00b55373
commit db841018dc
4 changed files with 103 additions and 2 deletions
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/web.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/web.xml
@ -46,5 +46,9 @@
            <argument type="service" id="request_stack" />
            <tag name="kernel.event_subscriber" />
        </service>
+
+        <service id="validate_request_listener" class="Symfony\Component\HttpKernel\EventListener\ValidateRequestListener">
+            <tag name="kernel.event_subscriber" />
+        </service>
    </services>
 </container>
--- a/src/Symfony/Bundle/FrameworkBundle/composer.json
+++ b/src/Symfony/Bundle/FrameworkBundle/composer.json
@ -22,8 +22,8 @@
        "symfony/config": "~2.4",
        "symfony/event-dispatcher": "~2.5",
        "symfony/finder": "~2.0,>=2.0.5",
-        "symfony/http-foundation": "~2.4.9|~2.5,>=2.5.4",
-        "symfony/http-kernel": "~2.7",
+        "symfony/http-foundation": "~2.7",
+        "symfony/http-kernel": "~2.7.15|~2.8.8",
        "symfony/filesystem": "~2.3",
        "symfony/routing": "~2.6,>2.6.4",
        "symfony/security-core": "~2.6.13|~2.7.9|~2.8",
--- a/src/Symfony/Component/HttpKernel/EventListener/ValidateRequestListener.php
+++ b/src/Symfony/Component/HttpKernel/EventListener/ValidateRequestListener.php
@ -0,0 +1,55 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\HttpKernel\EventListener;
+
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpKernel\Event\GetResponseEvent;
+use Symfony\Component\HttpKernel\KernelEvents;
+
+/**
+ * Validates that the headers and other information indicating the
+ * client IP address of a request are consistent.
+ *
+ * @author Magnus Nordlander <magnus@fervo.se>
+ */
+class ValidateRequestListener implements EventSubscriberInterface
+{
+    /**
+     * Performs the validation.
+     *
+     * @param GetResponseEvent $event
+     */
+    public function onKernelRequest(GetResponseEvent $event)
+    {
+        if (!$event->isMasterRequest()) {
+            return;
+        }
+        $request = $event->getRequest();
+
+        if ($request::getTrustedProxies()) {
+            // This will throw an exception if the headers are inconsistent.
+            $request->getClientIps();
+        }
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public static function getSubscribedEvents()
+    {
+        return array(
+            KernelEvents::REQUEST => array(
+                array('onKernelRequest', 256),
+            ),
+        );
+    }
+}
--- a/src/Symfony/Component/HttpKernel/Tests/EventListener/ValidateRequestListenerTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/EventListener/ValidateRequestListenerTest.php
@ -0,0 +1,42 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\HttpKernel\Tests\EventListener;
+
+use Symfony\Component\EventDispatcher\EventDispatcher;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\EventListener\ValidateRequestListener;
+use Symfony\Component\HttpKernel\Event\GetResponseEvent;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\HttpKernel\KernelEvents;
+
+class ValidateRequestListenerTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @expectedException Symfony\Component\HttpFoundation\Exception\ConflictingHeadersException
+     */
+    public function testListenerThrowsWhenMasterRequestHasInconsistentClientIps()
+    {
+        $dispatcher = new EventDispatcher();
+        $kernel = $this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface');
+
+        $request = new Request();
+        $request->setTrustedProxies(array('1.1.1.1'));
+        $request->server->set('REMOTE_ADDR', '1.1.1.1');
+        $request->headers->set('FORWARDED', '2.2.2.2');
+        $request->headers->set('X_FORWARDED_FOR', '3.3.3.3');
+
+        $dispatcher->addListener(KernelEvents::REQUEST, array(new ValidateRequestListener(), 'onKernelRequest'));
+        $event = new GetResponseEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST);
+
+        $dispatcher->dispatch(KernelEvents::REQUEST, $event);
+    }
+}