diff --git a/src/WebJobs.Script.WebHost/AntiSSRF/AntiSSRFConstants.cs b/src/WebJobs.Script.WebHost/AntiSSRF/AntiSSRFConstants.cs new file mode 100644 index 0000000000..267a42caf0 --- /dev/null +++ b/src/WebJobs.Script.WebHost/AntiSSRF/AntiSSRFConstants.cs @@ -0,0 +1,10 @@ +// Copyright (c) .NET Foundation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. + +namespace Microsoft.Azure.WebJobs.Script.WebHost +{ + public static class AntiSSRFConstants + { + public static readonly string AntiSSRFHttpClientName = "AntiSSRFClient"; + } +} diff --git a/src/WebJobs.Script.WebHost/AntiSSRF/AntiSSRFServiceCollectionExtensions.cs b/src/WebJobs.Script.WebHost/AntiSSRF/AntiSSRFServiceCollectionExtensions.cs new file mode 100644 index 0000000000..841d36e16f --- /dev/null +++ b/src/WebJobs.Script.WebHost/AntiSSRF/AntiSSRFServiceCollectionExtensions.cs @@ -0,0 +1,23 @@ +// Copyright (c) .NET Foundation. All rights reserved. +// Licensed under the MIT License. See License.txt in the project root for license information. + +using Microsoft.Extensions.DependencyInjection; +using Microsoft.Internal.AntiSSRF; + +namespace Microsoft.Azure.WebJobs.Script.WebHost +{ + public static class AntiSSRFServiceCollectionExtensions + { + public static IServiceCollection AddAntiSSRFHttpClient(this IServiceCollection services) + { + // create and add SSRF HTTP client + var policy = new AntiSSRFPolicy(); + policy.SetDefaults(); + var handler = policy.GetHandler(); + services.AddHttpClient(AntiSSRFConstants.AntiSSRFHttpClientName) + .ConfigurePrimaryHttpMessageHandler(() => handler); + + return services; + } + } +} \ No newline at end of file diff --git a/src/WebJobs.Script.WebHost/Management/AtlasInstanceManager.cs b/src/WebJobs.Script.WebHost/Management/AtlasInstanceManager.cs index a4cf1948dc..a7c7678c46 100644 --- a/src/WebJobs.Script.WebHost/Management/AtlasInstanceManager.cs +++ b/src/WebJobs.Script.WebHost/Management/AtlasInstanceManager.cs @@ -1,4 +1,4 @@ -// Copyright (c) .NET Foundation. All rights reserved. +// Copyright (c) .NET Foundation. All rights reserved. // Licensed under the MIT License. See License.txt in the project root for license information. using System; @@ -39,7 +39,7 @@ public AtlasInstanceManager(IOptionsFactory option IPackageDownloadHandler packageDownloadHandler) : base(httpClientFactory, webHostEnvironment, environment, logger, metricsLogger, meshServiceClient) { - _client = httpClientFactory?.CreateClient() ?? throw new ArgumentNullException(nameof(httpClientFactory)); + _client = httpClientFactory?.CreateClient(AntiSSRFConstants.AntiSSRFHttpClientName) ?? throw new ArgumentNullException(nameof(httpClientFactory)); _webHostEnvironment = webHostEnvironment ?? throw new ArgumentNullException(nameof(webHostEnvironment)); _logger = logger ?? throw new ArgumentNullException(nameof(logger)); _metricsLogger = metricsLogger; @@ -182,6 +182,7 @@ protected override async Task DownloadWarmupAsync(RunFromPackageContext string error = null; HttpResponseMessage response = null; long? contentLength = null; + try { if (!string.IsNullOrEmpty(blobUri)) diff --git a/src/WebJobs.Script.WebHost/Management/LinuxSpecialization/PackageDownloadHandler.cs b/src/WebJobs.Script.WebHost/Management/LinuxSpecialization/PackageDownloadHandler.cs index 99b00cd18c..6bccf75a57 100644 --- a/src/WebJobs.Script.WebHost/Management/LinuxSpecialization/PackageDownloadHandler.cs +++ b/src/WebJobs.Script.WebHost/Management/LinuxSpecialization/PackageDownloadHandler.cs @@ -1,4 +1,4 @@ -// Copyright (c) .NET Foundation. All rights reserved. +// Copyright (c) .NET Foundation. All rights reserved. // Licensed under the MIT License. See License.txt in the project root for license information. using System; @@ -34,7 +34,7 @@ public PackageDownloadHandler(IHttpClientFactory httpClientFactory, IManagedIden IBashCommandHandler bashCommandHandler, IEnvironment environment, IFileSystem fileSystem, ILogger logger, IMetricsLogger metricsLogger) { - _httpClient = httpClientFactory?.CreateClient() ?? throw new ArgumentNullException(nameof(httpClientFactory)); + _httpClient = httpClientFactory?.CreateClient(AntiSSRFConstants.AntiSSRFHttpClientName) ?? throw new ArgumentNullException(nameof(httpClientFactory)); _managedIdentityTokenProvider = managedIdentityTokenProvider ?? throw new ArgumentNullException(nameof(managedIdentityTokenProvider)); _bashCommandHandler = bashCommandHandler ?? throw new ArgumentNullException(nameof(bashCommandHandler)); _environment = environment ?? throw new ArgumentNullException(nameof(environment)); diff --git a/src/WebJobs.Script.WebHost/WebHostServiceCollectionExtensions.cs b/src/WebJobs.Script.WebHost/WebHostServiceCollectionExtensions.cs index 4dc8b755bd..f0084c1ca5 100644 --- a/src/WebJobs.Script.WebHost/WebHostServiceCollectionExtensions.cs +++ b/src/WebJobs.Script.WebHost/WebHostServiceCollectionExtensions.cs @@ -144,6 +144,7 @@ public static void AddWebJobsScriptHost(this IServiceCollection services, IConfi services.AddSingleton(); services.AddSingleton(); services.AddHttpClient(); + services.AddAntiSSRFHttpClient(); services.AddBundlesHttpClient(); services.AddSingleton(); diff --git a/src/WebJobs.Script.WebHost/WebJobs.Script.WebHost.csproj b/src/WebJobs.Script.WebHost/WebJobs.Script.WebHost.csproj index dc66aabfd9..e8d10318b9 100644 --- a/src/WebJobs.Script.WebHost/WebJobs.Script.WebHost.csproj +++ b/src/WebJobs.Script.WebHost/WebJobs.Script.WebHost.csproj @@ -72,6 +72,7 @@ + diff --git a/src/WebJobs.Script/ExtensionBundle/BundlesServiceCollectionExtensions.cs b/src/WebJobs.Script/ExtensionBundle/BundlesServiceCollectionExtensions.cs index dde845f4bb..37ba6e43a1 100644 --- a/src/WebJobs.Script/ExtensionBundle/BundlesServiceCollectionExtensions.cs +++ b/src/WebJobs.Script/ExtensionBundle/BundlesServiceCollectionExtensions.cs @@ -3,8 +3,6 @@ using System; using System.Net; -using System.Net.Http; -using System.Runtime.InteropServices; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Logging; using Polly;