MCPcopy Index your code
hub / github.com/coder/coder / fileTransferBlocked

Method fileTransferBlocked

agent/agentssh/agentssh.go:586–610  ·  view source on GitHub ↗

fileTransferBlocked method checks if the file transfer commands should be blocked. Warning: consider this mechanism as "Do not trespass" sign, as a violator can still ssh to the host, smuggle the `scp` binary, or just manually send files outside with `curl` or `ftp`. If a user needs a more sophisti

(session ssh.Session)

Source from the content-addressed store, hash-verified

584// smuggle the `scp` binary, or just manually send files outside with `curl` or `ftp`.
585// If a user needs a more sophisticated and battle-proof solution, consider full endpoint security.
586func (s *Server) fileTransferBlocked(session ssh.Session) bool {
587 if !s.config.BlockFileTransfer {
588 return false // file transfers are permitted
589 }
590 // File transfers are restricted.
591
592 if session.Subsystem() == "sftp" {
593 return true
594 }
595
596 cmd := session.Command()
597 if len(cmd) == 0 {
598 return false // no command?
599 }
600
601 c := cmd[0]
602 c = filepath.Base(c) // in case the binary is absolute path, /usr/sbin/scp
603
604 for _, cmd := range BlockedFileTransferCommands {
605 if cmd == c {
606 return true
607 }
608 }
609 return false
610}
611
612func (s *Server) sessionStart(logger slog.Logger, session ssh.Session, env []string, magicType MagicSessionType, container, containerUser string) (retErr error) {
613 ctx := session.Context()

Callers 1

sessionHandlerMethod · 0.95

Calls 1

CommandMethod · 0.80

Tested by

no test coverage detected