d4708
/
qBittorrent
mirror of https://github.com/d47081/qBittorrent.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Expose SSRF mitigation (#15247)

adaptive-webui-19844
Sylvain Finot 3 years ago committed by GitHub
parent
11a063ea66
commit
e87f8f5b93
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 43 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 16
      src/base/bittorrent/session.cpp
  2. 3
      src/base/bittorrent/session.h
  3. 8
      src/gui/advancedsettings.cpp
  4. 2
      src/gui/advancedsettings.h
  5. 5
      src/webui/api/appcontroller.cpp
  6. 10
      src/webui/www/private/views/preferences.html

16
src/base/bittorrent/session.cpp
Unescape View File

@ -388,6 +388,7 @@ Session::Session(QObject *parent) @@ -388,6 +388,7 @@ Session::Session(QObject *parent)
, m_IDNSupportEnabled(BITTORRENT_SESSION_KEY("IDNSupportEnabled"), false)
, m_multiConnectionsPerIpEnabled(BITTORRENT_SESSION_KEY("MultiConnectionsPerIp"), false)
, m_validateHTTPSTrackerCertificate(BITTORRENT_SESSION_KEY("ValidateHTTPSTrackerCertificate"), true)
, m_SSRFMitigationEnabled(BITTORRENT_SESSION_KEY("SSRFMitigation"), true)
, m_blockPeersOnPrivilegedPorts(BITTORRENT_SESSION_KEY("BlockPeersOnPrivilegedPorts"), false)
, m_isAddTrackersEnabled(BITTORRENT_SESSION_KEY("AddTrackersEnabled"), false)
, m_additionalTrackers(BITTORRENT_SESSION_KEY("AdditionalTrackers"))
@ -1381,6 +1382,8 @@ void Session::loadLTSettings(lt::settings_pack &settingsPack) @@ -1381,6 +1382,8 @@ void Session::loadLTSettings(lt::settings_pack &settingsPack)
settingsPack.set_bool(lt::settings_pack::validate_https_trackers, validateHTTPSTrackerCertificate());
settingsPack.set_bool(lt::settings_pack::ssrf_mitigation, isSSRFMitigationEnabled());
settingsPack.set_bool(lt::settings_pack::no_connect_privileged_ports, blockPeersOnPrivilegedPorts());
settingsPack.set_bool(lt::settings_pack::apply_ip_filter_to_trackers, isTrackerFilteringEnabled());
@ -3748,6 +3751,19 @@ void Session::setValidateHTTPSTrackerCertificate(const bool enabled) @@ -3748,6 +3751,19 @@ void Session::setValidateHTTPSTrackerCertificate(const bool enabled)
configureDeferred();
}
bool Session::isSSRFMitigationEnabled() const
{
return m_SSRFMitigationEnabled;
}
void Session::setSSRFMitigationEnabled(const bool enabled)
{
if (enabled == m_SSRFMitigationEnabled) return;
m_SSRFMitigationEnabled = enabled;
configureDeferred();
}
bool Session::blockPeersOnPrivilegedPorts() const
{
return m_blockPeersOnPrivilegedPorts;

3
src/base/bittorrent/session.h
Unescape View File

@ -427,6 +427,8 @@ namespace BitTorrent @@ -427,6 +427,8 @@ namespace BitTorrent
void setMultiConnectionsPerIpEnabled(bool enabled);
bool validateHTTPSTrackerCertificate() const;
void setValidateHTTPSTrackerCertificate(bool enabled);
bool isSSRFMitigationEnabled() const;
void setSSRFMitigationEnabled(bool enabled);
bool blockPeersOnPrivilegedPorts() const;
void setBlockPeersOnPrivilegedPorts(bool enabled);
bool isTrackerFilteringEnabled() const;
@ -700,6 +702,7 @@ namespace BitTorrent @@ -700,6 +702,7 @@ namespace BitTorrent
CachedSettingValue<bool> m_IDNSupportEnabled;
CachedSettingValue<bool> m_multiConnectionsPerIpEnabled;
CachedSettingValue<bool> m_validateHTTPSTrackerCertificate;
CachedSettingValue<bool> m_SSRFMitigationEnabled;
CachedSettingValue<bool> m_blockPeersOnPrivilegedPorts;
CachedSettingValue<bool> m_isAddTrackersEnabled;
CachedSettingValue<QString> m_additionalTrackers;

8
src/gui/advancedsettings.cpp
Unescape View File

@ -126,6 +126,7 @@ namespace @@ -126,6 +126,7 @@ namespace
IDN_SUPPORT,
MULTI_CONNECTIONS_PER_IP,
VALIDATE_HTTPS_TRACKER_CERTIFICATE,
SSRF_MITIGATION,
BLOCK_PEERS_ON_PRIVILEGED_PORTS,
// seeding
CHOKING_ALGORITHM,
@ -246,6 +247,8 @@ void AdvancedSettings::saveAdvancedSettings() @@ -246,6 +247,8 @@ void AdvancedSettings::saveAdvancedSettings()
session->setMultiConnectionsPerIpEnabled(m_checkBoxMultiConnectionsPerIp.isChecked());
// Validate HTTPS tracker certificate
session->setValidateHTTPSTrackerCertificate(m_checkBoxValidateHTTPSTrackerCertificate.isChecked());
// SSRF mitigation
session->setSSRFMitigationEnabled(m_checkBoxSSRFMitigation.isChecked());
// Disallow connection to peers on privileged ports
session->setBlockPeersOnPrivilegedPorts(m_checkBoxBlockPeersOnPrivilegedPorts.isChecked());
// Recheck torrents on completion
@ -599,6 +602,11 @@ void AdvancedSettings::loadAdvancedSettings() @@ -599,6 +602,11 @@ void AdvancedSettings::loadAdvancedSettings()
addRow(VALIDATE_HTTPS_TRACKER_CERTIFICATE, (tr("Validate HTTPS tracker certificates")
+ ' ' + makeLink("https://www.libtorrent.org/reference-Settings.html#validate_https_trackers", "(?)"))
, &m_checkBoxValidateHTTPSTrackerCertificate);
// SSRF mitigation
m_checkBoxSSRFMitigation.setChecked(session->isSSRFMitigationEnabled());
addRow(SSRF_MITIGATION, (tr("Server-side request forgery (SSRF) mitigation")
+ ' ' + makeLink("https://www.libtorrent.org/reference-Settings.html#ssrf_mitigation", "(?)"))
, &m_checkBoxSSRFMitigation);
// Disallow connection to peers on privileged ports
m_checkBoxBlockPeersOnPrivilegedPorts.setChecked(session->blockPeersOnPrivilegedPorts());
addRow(BLOCK_PEERS_ON_PRIVILEGED_PORTS, (tr("Disallow connection to peers on privileged ports") + ' ' + makeLink("https://libtorrent.org/single-page-ref.html#no_connect_privileged_ports", "(?)")), &m_checkBoxBlockPeersOnPrivilegedPorts);

2
src/gui/advancedsettings.h
Unescape View File

@ -68,7 +68,7 @@ private: @@ -68,7 +68,7 @@ private:
QCheckBox m_checkBoxOsCache, m_checkBoxRecheckCompleted, m_checkBoxResolveCountries, m_checkBoxResolveHosts,
m_checkBoxProgramNotifications, m_checkBoxTorrentAddedNotifications, m_checkBoxReannounceWhenAddressChanged, m_checkBoxTrackerFavicon, m_checkBoxTrackerStatus,
m_checkBoxConfirmTorrentRecheck, m_checkBoxConfirmRemoveAllTags, m_checkBoxAnnounceAllTrackers, m_checkBoxAnnounceAllTiers,
m_checkBoxMultiConnectionsPerIp, m_checkBoxValidateHTTPSTrackerCertificate, m_checkBoxBlockPeersOnPrivilegedPorts, m_checkBoxPieceExtentAffinity,
m_checkBoxMultiConnectionsPerIp, m_checkBoxValidateHTTPSTrackerCertificate, m_checkBoxSSRFMitigation, m_checkBoxBlockPeersOnPrivilegedPorts, m_checkBoxPieceExtentAffinity,
m_checkBoxSuggestMode, m_checkBoxSpeedWidgetEnabled, m_checkBoxIDNSupport;
QComboBox m_comboBoxInterface, m_comboBoxInterfaceAddress, m_comboBoxUtpMixedMode, m_comboBoxChokingAlgorithm,
m_comboBoxSeedChokingAlgorithm, m_comboBoxResumeDataStorage;

5
src/webui/api/appcontroller.cpp
Unescape View File

@ -335,6 +335,8 @@ void AppController::preferencesAction() @@ -335,6 +335,8 @@ void AppController::preferencesAction()
data["enable_multi_connections_from_same_ip"] = session->multiConnectionsPerIpEnabled();
// Validate HTTPS tracker certificate
data["validate_https_tracker_certificate"] = session->validateHTTPSTrackerCertificate();
// SSRF mitigation
data["ssrf_mitigation"] = session->isSSRFMitigationEnabled();
// Disallow connection to peers on privileged ports
data["block_peers_on_privileged_ports"] = session->blockPeersOnPrivilegedPorts();
// Embedded tracker
@ -819,6 +821,9 @@ void AppController::setPreferencesAction() @@ -819,6 +821,9 @@ void AppController::setPreferencesAction()
// Validate HTTPS tracker certificate
if (hasKey("validate_https_tracker_certificate"))
session->setValidateHTTPSTrackerCertificate(it.value().toBool());
// SSRF mitigation
if (hasKey("ssrf_mitigation"))
session->setSSRFMitigationEnabled(it.value().toBool());
// Disallow connection to peers on privileged ports
if (hasKey("block_peers_on_privileged_ports"))
session->setBlockPeersOnPrivilegedPorts(it.value().toBool());

10
src/webui/www/private/views/preferences.html
Unescape View File

@ -1151,6 +1151,14 @@ @@ -1151,6 +1151,14 @@
<input type="checkbox" id="validateHTTPSTrackerCertificate" />
</td>
</tr>
<tr>
<td>
<label for="mitigateSSRF">QBT_TR(Server-side request forgery (SSRF) mitigation:)QBT_TR[CONTEXT=OptionsDialog]&nbsp;<a href="https://www.libtorrent.org/reference-Settings.html#ssrf_mitigation" target="_blank">(?)</a></label>
</td>
<td>
<input type="checkbox" id="mitigateSSRF" />
</td>
</tr>
<tr>
<td>
<label for="blockPeersOnPrivilegedPorts">QBT_TR(Disallow connection to peers on privileged ports:)QBT_TR[CONTEXT=OptionsDialog]&nbsp;<a href="https://libtorrent.org/single-page-ref.html#no_connect_privileged_ports" target="_blank">(?)</a></label>
@ -1940,6 +1948,7 @@ @@ -1940,6 +1948,7 @@
$('IDNSupportCheckbox').setProperty('checked', pref.idn_support_enabled);
$('allowMultipleConnectionsFromTheSameIPAddress').setProperty('checked', pref.enable_multi_connections_from_same_ip);
$('validateHTTPSTrackerCertificate').setProperty('checked', pref.validate_https_tracker_certificate);
$('mitigateSSRF').setProperty('checked', pref.ssrf_mitigation);
$('blockPeersOnPrivilegedPorts').setProperty('checked', pref.block_peers_on_privileged_ports);
$('enableEmbeddedTracker').setProperty('checked', pref.enable_embedded_tracker);
$('embeddedTrackerPort').setProperty('value', pref.embedded_tracker_port);
@ -2334,6 +2343,7 @@ @@ -2334,6 +2343,7 @@
settings.set('idn_support_enabled', $('IDNSupportCheckbox').getProperty('checked'));
settings.set('enable_multi_connections_from_same_ip', $('allowMultipleConnectionsFromTheSameIPAddress').getProperty('checked'));
settings.set('validate_https_tracker_certificate', $('validateHTTPSTrackerCertificate').getProperty('checked'));
settings.set('ssrf_mitigation', $('mitigateSSRF').getProperty('checked'));
settings.set('block_peers_on_privileged_ports', $('blockPeersOnPrivilegedPorts').getProperty('checked'));
settings.set('enable_embedded_tracker', $('enableEmbeddedTracker').getProperty('checked'));
settings.set('embedded_tracker_port', $('embeddedTrackerPort').getProperty('value'));

Write Preview
Loading…
Cancel
Save