From d23d86268a589151ca62c1ed6f6d230944aca692 Mon Sep 17 00:00:00 2001 From: Garrett Delfosse Date: Mon, 4 Mar 2024 17:10:32 +0000 Subject: [PATCH] fix: disallow out of range ports --- coderd/workspaceagentportshare.go | 19 +++++++++++++++++++ coderd/workspaceagentportshare_test.go | 14 ++++++++++++++ .../modules/resources/PortForwardButton.tsx | 4 ++-- 3 files changed, 35 insertions(+), 2 deletions(-) diff --git a/coderd/workspaceagentportshare.go b/coderd/workspaceagentportshare.go index 730089e445431..273439d8a0727 100644 --- a/coderd/workspaceagentportshare.go +++ b/coderd/workspaceagentportshare.go @@ -33,6 +33,25 @@ func (api *API) postWorkspaceAgentPortShare(rw http.ResponseWriter, r *http.Requ if !req.ShareLevel.ValidPortShareLevel() { httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ Message: "Port sharing level not allowed.", + Validations: []codersdk.ValidationError{ + { + Field: "share_level", + Detail: "Port sharing level not allowed.", + }, + }, + }) + return + } + + if req.Port < 9 || req.Port > 65535 { + httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ + Message: "Port must be between 9 and 65535.", + Validations: []codersdk.ValidationError{ + { + Field: "port", + Detail: "Port must be between 9 and 65535.", + }, + }, }) return } diff --git a/coderd/workspaceagentportshare_test.go b/coderd/workspaceagentportshare_test.go index eb335d47bf693..ad019fa95551b 100644 --- a/coderd/workspaceagentportshare_test.go +++ b/coderd/workspaceagentportshare_test.go @@ -54,6 +54,20 @@ func TestPostWorkspaceAgentPortShare(t *testing.T) { }) require.Error(t, err) + // invalid port should fail + _, err = client.UpsertWorkspaceAgentPortShare(ctx, r.Workspace.ID, codersdk.UpsertWorkspaceAgentPortShareRequest{ + AgentName: agents[0].Name, + Port: 0, + ShareLevel: codersdk.WorkspaceAgentPortShareLevelPublic, + }) + require.Error(t, err) + _, err = client.UpsertWorkspaceAgentPortShare(ctx, r.Workspace.ID, codersdk.UpsertWorkspaceAgentPortShareRequest{ + AgentName: agents[0].Name, + Port: 90000000, + ShareLevel: codersdk.WorkspaceAgentPortShareLevelPublic, + }) + require.Error(t, err) + // OK, ignoring template max port share level because we are AGPL ps, err := client.UpsertWorkspaceAgentPortShare(ctx, r.Workspace.ID, codersdk.UpsertWorkspaceAgentPortShareRequest{ AgentName: agents[0].Name, diff --git a/site/src/modules/resources/PortForwardButton.tsx b/site/src/modules/resources/PortForwardButton.tsx index 62fed379b2667..f7dd36c4410f9 100644 --- a/site/src/modules/resources/PortForwardButton.tsx +++ b/site/src/modules/resources/PortForwardButton.tsx @@ -109,7 +109,7 @@ export const PortForwardButton: FC = (props) => { const getValidationSchema = (): Yup.AnyObjectSchema => Yup.object({ - port: Yup.number().required().min(0).max(65535), + port: Yup.number().required().min(9).max(65535), share_level: Yup.string().required().oneOf(WorkspaceAppSharingLevels), }); @@ -245,7 +245,7 @@ export const PortForwardPopoverView: FC = ({ name="portNumber" type="number" placeholder="Connect to port..." - min={0} + min={9} max={65535} required css={styles.newPortInput}