authorEelco Dolstra <edolstra@gmail.com>2022-03-22 22:47:33 +0100
committerEelco Dolstra <edolstra@gmail.com>2022-03-24 21:33:33 +0100
commit4120930ac19ab7296818fdc1d1389e7799168867 (patch)
tree19f4d6de965dce6a2beab68bf17534c8a9bd0c13 /src/libexpr
parent7ffda0af6effbf32c8668f34cc3f0448c58bc3c1 (diff)
fetchClosure: Only allow some "safe" store types
Diffstat (limited to 'src/libexpr')
-rw-r--r--src/libexpr/primops/fetchClosure.cc12
1 files changed, 10 insertions, 2 deletions
diff --git a/src/libexpr/primops/fetchClosure.cc b/src/libexpr/primops/fetchClosure.cc
index c3f07b6d6..247bceb07 100644
--- a/src/libexpr/primops/fetchClosure.cc
+++ b/src/libexpr/primops/fetchClosure.cc
@@ -1,6 +1,7 @@
#include "primops.hh"
#include "store-api.hh"
#include "make-content-addressed.hh"
+#include "url.hh"
namespace nix {
@@ -50,8 +51,15 @@ static void prim_fetchClosure(EvalState & state, const Pos & pos, Value * * args
.errPos = pos
});
- // FIXME: only allow some "trusted" store types (like BinaryCacheStore).
- auto fromStore = openStore(*fromStoreUrl);
+ auto parsedURL = parseURL(*fromStoreUrl);
+
+ if (parsedURL.scheme != "http" && parsedURL.scheme != "https")
+ throw Error({
+ .msg = hintfmt("'fetchClosure' only supports http:// and https:// stores"),
+ .errPos = pos
+ });
+
+ auto fromStore = openStore(parsedURL.to_string());
if (toCA) {
if (!toPath || !state.store->isValidPath(*toPath)) {
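Review bot: The new check `if (parsedURL.scheme != "http" && parsedURL.scheme != "https")` constrains only the scheme, while `openStore(parsedURL.to_string())` still receives the rest of the expression-supplied URL, including any query string. If openStore reads query parameters as store settings (not visible in this hunk), the store type is restricted but its configuration stays caller-controlled; consider `parsedURL.query.clear();` before the call, or an allowlist of accepted parameters, or a comment stating why arbitrary settings are acceptable here. Plain `http://` is also accepted, so integrity depends on a signature or content-address check performed elsewhere, and a one-line comment naming that check would help the next reader. prim_fetchClosure starts before and continues past this hunk, so the later verification path could not be confirmed from here.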