[two bugs away] checking for invalid symbols in path (#250)

Author: scale-tone

durablefunctionsmonitor.dotnetbackend/Common/Auth.cs

@@ -7,10 +7,10 @@
 using System.IdentityModel.Tokens.Jwt;
 using System.IO;
 using System.Linq;
-using System.Reflection;
 using System.Security.Claims;
 using System.Text.RegularExpressions;
 using System.Threading.Tasks;
+using System.Web;
 using Microsoft.AspNetCore.Http;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
@@ -246,6 +246,20 @@ public static void ThrowIfTaskHubNameHasInvalidSymbols(string hubName)
             }
         }
 
+        // Checks that a path does not look malicious
+        public static void ThrowIfPathHasInvalidSymbols(string path)
+        {
+            if (!string.IsNullOrEmpty(path))
+            {
+                string invalidSymbols = "{}()<>:;=";
+
+                if (invalidSymbols.Any(path.Contains) || invalidSymbols.Any(HttpUtility.UrlDecode(path).Contains))
+                {
+                    throw new ArgumentException($"Path contains invalid characters.");
+                }
+            }
+        }
+
         // Checks that a Task Hub name is valid for this instace
         public static async Task ThrowIfTaskHubNameIsInvalid(string hubName)
         {

durablefunctionsmonitor.dotnetbackend/Functions/ServeStatics.cs

@@ -162,6 +162,8 @@ private static async Task<ContentResult> ReturnIndexHtml(ExecutionContext contex
                     routePrefix = requestPath.Substring(0, pos);
                 }
             }
+            // Two bugs away. Checking that route prefix does not look malicious.
+            Auth.ThrowIfPathHasInvalidSymbols(routePrefix);
 
             routePrefix = routePrefix?.Trim('/');
 

durablefunctionsmonitor.dotnetisolated.core/Common/Auth.cs

@@ -6,6 +6,7 @@
 using System.Security.Claims;
 using System.Text;
 using System.Text.RegularExpressions;
+using System.Web;
 using Microsoft.Azure.Functions.Worker.Http;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
@@ -244,6 +245,20 @@ public static void ThrowIfTaskHubNameHasInvalidSymbols(string hubName)
             }
         }
 
+        // Checks that a path does not look malicious
+        public static void ThrowIfPathHasInvalidSymbols(string path)
+        {
+            if (!string.IsNullOrEmpty(path))
+            {
+                string invalidSymbols = "{}()<>:;=";
+
+                if (invalidSymbols.Any(path.Contains) || invalidSymbols.Any(HttpUtility.UrlDecode(path).Contains))
+                {
+                    throw new DfmUnauthorizedException($"Path contains invalid characters.");
+                }
+            }
+        }
+
         // Checks that a Task Hub name is valid for this instace
         public static async Task ThrowIfTaskHubNameIsInvalid(string hubName, DfmExtensionPoints extensionPoints)
         {

durablefunctionsmonitor.dotnetisolated.core/Functions/ServeStatics.cs

@@ -167,6 +167,9 @@ private async Task<string> ReturnIndexHtml(ILogger log, string rootFolderName, s
                 }
             }
 
+            // Two bugs away. Checking that route prefix does not look malicious.
+            Auth.ThrowIfPathHasInvalidSymbols(routePrefix);
+
             routePrefix = routePrefix?.Trim('/');
 
             // Prepending ingress route prefix, if configured