Commita923f58

authored

fix: enforce Content-Type to accept only binary responses (#174)

Add validation for CLI downloads that ensures the Content-Type header isindicating a binary stream (`application/octet-stream`), includingcommon variants with parameters. This prevents saving unexpected HTML orother non-binary responses (e.g., from frontend dev servers on :8080) asbinaries, improving reliability and providing clearer error feedback.

1 parent3b88d15 commita923f58Copy full SHA for a923f58

File tree

4 files changed

+29

-17

lines changed

CHANGELOG.md
gradle.properties
src
- main/kotlin/com/coder/toolbox/cli/downloader
  - CoderDownloadService.kt
- test/kotlin/com/coder/toolbox/cli
  - CoderCLIManagerTest.kt

4 files changed

+29

-17

lines changed

`‎CHANGELOG.md‎`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,10 @@`
`2`	`2`
`3`	`3`	`##Unreleased`
`4`	`4`
	`5`	`+###Changed`
	`6`	`+`
	`7`	`+- content-type is now enforced when downloading the CLI to accept only binary responses`
	`8`	`+`
`5`	`9`	`##0.6.1 - 2025-08-11`
`6`	`10`
`7`	`11`	`###Added`

`‎gradle.properties‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`		`-version=0.6.1`
	`1`	`+version=0.6.2`
`2`	`2`	`group=com.coder.toolbox`
`3`	`3`	`name=coder-toolbox`

`‎src/main/kotlin/com/coder/toolbox/cli/downloader/CoderDownloadService.kt‎`

Lines changed: 7 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,13 @@ class CoderDownloadService(`
`51`	`51`
`52`	`52`	`returnwhen (response.code()) {`
`53`	`53`	`HTTP_OK-> {`
	`54`	`+val contentType= response.headers()["Content-Type"]?.lowercase()`
	`55`	`+if (contentType?.startsWith("application/octet-stream")!=true) {`
	`56`	`+throwResponseException(`
	`57`	`+"Invalid content type '$contentType' when downloading CLI from$remoteBinaryURL. Expected application/octet-stream.",`
	`58`	`+ response.code()`
	`59`	`+ )`
	`60`	`+ }`
`54`	`61`	`context.logger.info("Downloading binary to temporary$cliTempDst")`
`55`	`62`	`response.saveToDisk(cliTempDst, showTextProgress, buildVersion)?.makeExecutable()`
`56`	`63`	`DownloadResult.Downloaded(remoteBinaryURL, cliTempDst)`

`‎src/test/kotlin/com/coder/toolbox/cli/CoderCLIManagerTest.kt‎`

Lines changed: 17 additions & 16 deletions

Original file line number	Diff line number	Diff line change
`@@ -137,6 +137,7 @@ internal class CoderCLIManagerTest {`
`137`	`137`	`}`
`138`	`138`
`139`	`139`	`val body= response.toByteArray()`
	`140`	`+ exchange.responseHeaders["Content-Type"]="application/octet-stream"`
`140`	`141`	`exchange.sendResponseHeaders(code,if (code==HttpURLConnection.HTTP_OK) body.size.toLong()else-1)`
`141`	`142`	`exchange.responseBody.write(body)`
`142`	`143`	`exchange.close()`
`@@ -197,11 +198,11 @@ internal class CoderCLIManagerTest {`
`197`	`198`	`val ccm=CoderCLIManager(`
`198`	`199`	`context.copy(`
`199`	`200`	`settingsStore=CoderSettingsStore(`
`200`		`- pluginTestSettingsStore(`
`201`		`-DATA_DIRECTORY to tmpdir.resolve("cli-dir-fail-to-write").toString(),`
`202`		`- ),`
`203`		`-Environment(),`
`204`		`- context.logger`
	`201`	`+pluginTestSettingsStore(`
	`202`	`+DATA_DIRECTORY to tmpdir.resolve("cli-dir-fail-to-write").toString(),`
	`203`	`+),`
	`204`	`+Environment(),`
	`205`	`+context.logger`
`205`	`206`	`)`
`206`	`207`	`),`
`207`	`208`	`url`
`@@ -307,11 +308,11 @@ internal class CoderCLIManagerTest {`
`307`	`308`	`val ccm=CoderCLIManager(`
`308`	`309`	`context.copy(`
`309`	`310`	`settingsStore=CoderSettingsStore(`
`310`		`- pluginTestSettingsStore(`
`311`		`-DATA_DIRECTORY to tmpdir.resolve("does-not-exist").toString(),`
`312`		`- ),`
`313`		`-Environment(),`
`314`		`- context.logger`
	`311`	`+pluginTestSettingsStore(`
	`312`	`+DATA_DIRECTORY to tmpdir.resolve("does-not-exist").toString(),`
	`313`	`+),`
	`314`	`+Environment(),`
	`315`	`+context.logger`
`315`	`316`	`)`
`316`	`317`	`),`
`317`	`318`	`URL("https://foo")`
`@@ -329,12 +330,12 @@ internal class CoderCLIManagerTest {`
`329`	`330`	`val ccm=CoderCLIManager(`
`330`	`331`	`context.copy(`
`331`	`332`	`settingsStore=CoderSettingsStore(`
`332`		`- pluginTestSettingsStore(`
`333`		`-FALLBACK_ON_CODER_FOR_SIGNATURES to"allow",`
`334`		`-DATA_DIRECTORY to tmpdir.resolve("overwrite-cli").toString(),`
`335`		`- ),`
`336`		`-Environment(),`
`337`		`- context.logger`
	`333`	`+pluginTestSettingsStore(`
	`334`	`+FALLBACK_ON_CODER_FOR_SIGNATURES to"allow",`
	`335`	`+DATA_DIRECTORY to tmpdir.resolve("overwrite-cli").toString(),`
	`336`	`+),`
	`337`	`+Environment(),`
	`338`	`+context.logger`
`338`	`339`	`)`
`339`	`340`	`),`
`340`	`341`	`url`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commita923f58

File tree

4 files changed

4 files changed

`‎CHANGELOG.md‎`

`‎gradle.properties‎`

`‎src/main/kotlin/com/coder/toolbox/cli/downloader/CoderDownloadService.kt‎`

`‎src/test/kotlin/com/coder/toolbox/cli/CoderCLIManagerTest.kt‎`

0 commit comments