From 852c312468d4412cdbb24678a699e8a5848b6dac Mon Sep 17 00:00:00 2001 From: Sindre Sorhus Date: Sat, 27 May 2023 21:07:10 +0700 Subject: [PATCH] Make the `enableUnixSockets` to be `false` by default --- documentation/2-options.md | 11 +++++------ source/core/options.ts | 2 +- test/redirects.ts | 8 +++++--- test/unix-socket.ts | 6 ++++-- 4 files changed, 15 insertions(+), 12 deletions(-) diff --git a/documentation/2-options.md b/documentation/2-options.md index 8812f96bb..f54a90c90 100644 --- a/documentation/2-options.md +++ b/documentation/2-options.md @@ -944,9 +944,9 @@ As the [specification](https://tools.ietf.org/html/rfc7231#section-6.4) prefers ### `enableUnixSockets` **Type: `boolean`**\ -**Default: `true`** +**Default: `false`** -When enabled, requests can also be sent via [UNIX Domain Sockets](https://serverfault.com/questions/124517/what-is-the-difference-between-unix-sockets-and-tcp-ip-sockets). Please note that in the upcoming major release (Got v13) this default will be changed to `false` for security reasons. +When enabled, requests can also be sent via [UNIX Domain Sockets](https://serverfault.com/questions/124517/what-is-the-difference-between-unix-sockets-and-tcp-ip-sockets). > **Warning** > Make sure you do your own URL sanitizing if you accept untrusted user input for the URL. @@ -965,11 +965,10 @@ await got('http://unix:/var/run/docker.sock:/containers/json', {enableUnixSocket // Or without protocol (HTTP by default) await got('unix:/var/run/docker.sock:/containers/json', {enableUnixSockets: true}); -// Disable Unix sockets -const gotUnixSocketsDisabled = got.extend({enableUnixSockets: false}); +// Enable Unix sockets for the whole instance. +const gotWithUnixSockets = got.extend({enableUnixSockets: true}); -// RequestError: Using UNIX domain sockets but option `enableUnixSockets` is not enabled -await gotUnixSocketsDisabled('http://unix:/var/run/docker.sock:/containers/json'); +await gotWithUnixSockets('http://unix:/var/run/docker.sock:/containers/json'); ``` ## Methods diff --git a/source/core/options.ts b/source/core/options.ts index d2d932648..0ec270330 100644 --- a/source/core/options.ts +++ b/source/core/options.ts @@ -827,7 +827,7 @@ const defaultInternals: Options['_internals'] = { setHost: true, maxHeaderSize: undefined, signal: undefined, - enableUnixSockets: true, + enableUnixSockets: false, }; const cloneInternals = (internals: typeof defaultInternals) => { diff --git a/test/redirects.ts b/test/redirects.ts index 56e262ac3..2665a4b30 100644 --- a/test/redirects.ts +++ b/test/redirects.ts @@ -46,14 +46,16 @@ test('cannot redirect to UNIX protocol when UNIX sockets are enabled', withServe server.get('/protocol', unixProtocol); server.get('/hostname', unixHostname); - t.true(got.defaults.options.enableUnixSockets); + const gotUnixSocketsEnabled = got.extend({enableUnixSockets: true}); - await t.throwsAsync(got('protocol'), { + t.true(gotUnixSocketsEnabled.defaults.options.enableUnixSockets); + + await t.throwsAsync(gotUnixSocketsEnabled('protocol'), { message: 'Cannot redirect to UNIX socket', instanceOf: RequestError, }); - await t.throwsAsync(got('hostname'), { + await t.throwsAsync(gotUnixSocketsEnabled('hostname'), { message: 'Cannot redirect to UNIX socket', instanceOf: RequestError, }); diff --git a/test/unix-socket.ts b/test/unix-socket.ts index 8ff7c4ea4..72b52fdc1 100644 --- a/test/unix-socket.ts +++ b/test/unix-socket.ts @@ -2,9 +2,11 @@ import process from 'process'; import {format} from 'util'; import test from 'ava'; import type {Handler} from 'express'; -import got from '../source/index.js'; +import baseGot from '../source/index.js'; import {withSocketServer} from './helpers/with-server.js'; +const got = baseGot.extend({enableUnixSockets: true}); + const okHandler: Handler = (_request, response) => { response.end('ok'); }; @@ -21,7 +23,7 @@ if (process.platform !== 'win32') { server.on('/', okHandler); const url = format('http://unix:%s:%s', server.socketPath, '/'); - t.is((await got(url)).body, 'ok'); + t.is((await got(url, {})).body, 'ok'); }); test('protocol-less works', withSocketServer, async (t, server) => {