Backport 861ccd9

sindresorhus · May 25, 2022 · bce8ce7 · bce8ce7
1 parent 8ced192
commit bce8ce7
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 1 deletion.
diff --git a/source/core/index.ts b/source/core/index.ts
@@ -2100,6 +2100,16 @@ export default class Request extends Duplex implements RequestEvents<Request> {
 				const redirectString = redirectUrl.toString();
 				decodeURI(redirectString);
 
+				// eslint-disable-next-line no-inner-declarations
+				function isUnixSocketURL(url: URL) {
+					return url.protocol === 'unix:' || url.hostname === 'unix';
+				}
+
+				if (!isUnixSocketURL(url) && isUnixSocketURL(redirectUrl)) {
+					this._beforeError(new RequestError('Cannot redirect to UNIX socket', {}, this));
+					return;
+				}
+
 				// Redirecting to a different site, clear sensitive data.
 				if (redirectUrl.hostname !== url.hostname || redirectUrl.port !== url.port) {
 					if ('host' in options.headers) {

diff --git a/test/redirects.ts b/test/redirects.ts
@@ -1,7 +1,7 @@
 import test from 'ava';
 import {Handler} from 'express';
 import nock = require('nock');
-import got, {MaxRedirectsError} from '../source';
+import got, {MaxRedirectsError, RequestError} from '../source';
 import withServer, {withHttpsServer} from './helpers/with-server';
 
 const reachedHandler: Handler = (_request, response) => {
@@ -509,3 +509,32 @@ test('correct port on redirect', withServer, async (t, server1, got) => {
 		t.is(response.body, 'SERVER2');
 	});
 });
+
+const unixProtocol: Handler = (_request, response) => {
+	response.writeHead(302, {
+		location: 'unix:/var/run/docker.sock:/containers/json'
+	});
+	response.end();
+};
+
+const unixHostname: Handler = (_request, response) => {
+	response.writeHead(302, {
+		location: 'http://unix:/var/run/docker.sock:/containers/json'
+	});
+	response.end();
+};
+
+test('cannot redirect to unix protocol', withServer, async (t, server, got) => {
+	server.get('/protocol', unixProtocol);
+	server.get('/hostname', unixHostname);
+
+	await t.throwsAsync(got('protocol'), {
+		message: 'Cannot redirect to UNIX socket',
+		instanceOf: RequestError
+	});
+
+	await t.throwsAsync(got('hostname'), {
+		message: 'Cannot redirect to UNIX socket',
+		instanceOf: RequestError
+	});
+});
diff --git a/test/unix-socket.ts b/test/unix-socket.ts
@@ -8,6 +8,13 @@ const okHandler: Handler = (_request, response) => {
 	response.end('ok');
 };
 
+const redirectHandler: Handler = (_request, response) => {
+	response.writeHead(302, {
+		location: 'foo'
+	});
+	response.end();
+};
+
 if (process.platform !== 'win32') {
 	test('works', withSocketServer, async (t, server) => {
 		server.on('/', okHandler);
@@ -53,3 +60,11 @@ if (process.platform !== 'win32') {
 		t.is((await got(url)).body, 'ok');
 	});
 }
+
+test('redirects work', withSocketServer, async (t, server) => {
+	server.on('/', redirectHandler);
+	server.on('/foo', okHandler);
+
+	const url = format('http://unix:%s:%s', server.socketPath, '/');
+	t.is((await got(url)).body, 'ok');
+});