
[Bug] 307 redirect does not have a limit, infinite loops

Open gitolicious opened this issue 6 months ago • 0 comments

Bug Report

Current Behavior

When a misconfigured download server responds with invalid/infinite redirects, Scoop follows them and gets stuck in a loop. Currently this can be observed in a manifest using https://www.screenpresso.com/binaries/releases/stable/dotnet47/Screenpresso.exe as the url.

Expected Behavior

A limit on the number of redirects should stop Scoop after a couple of redirects. 20 is the limit aria2 follows, which sounds reasonable to me.

Additional context/output

INFO  Following redirect to https://www.screenpresso.com/binaries/releases/stable/dotnet47/Screenpresso.exe?__r=1.de54eeaf4eaf7b76674c568a53056c30...
INFO  Following redirect to https://www.screenpresso.com/binaries/releases/stable/dotnet47/Screenpresso.exe...
INFO  Following redirect to https://www.screenpresso.com/binaries/releases/stable/dotnet47/Screenpresso.exe?__r=1.de54eeaf4eaf7b76674c568a53056c30...
INFO  Following redirect to https://www.screenpresso.com/binaries/releases/stable/dotnet47/Screenpresso.exe...
INFO  Following redirect to https://www.screenpresso.com/binaries/releases/stable/dotnet47/Screenpresso.exe?__r=1.de54eeaf4eaf7b76674c568a53056c30...
INFO  Following redirect to https://www.screenpresso.com/binaries/releases/stable/dotnet47/Screenpresso.exe...
INFO  Following redirect to https://www.screenpresso.com/binaries/releases/stable/dotnet47/Screenpresso.exe?__r=1.de54eeaf4eaf7b76674c568a53056c30...
INFO  Following redirect to https://www.screenpresso.com/binaries/releases/stable/dotnet47/Screenpresso.exe...
[...]

Possible Solution

aria2 already has a "Too many redirects occurred" feature and error code which is also mentioned in the code: https://github.com/ScoopInstaller/Scoop/blob/f93028001fbe5c78cc41f59e3814d2ac8e595724/lib/install.ps1#L140

Redirects are handled by the install script itself though. https://github.com/ScoopInstaller/Scoop/blob/f93028001fbe5c78cc41f59e3814d2ac8e595724/lib/install.ps1#L385-L390

We could limit the redirect with an additional $redirectCount = 0 parameter to the Invoke-Download function. Then check that against a max value.

if ($redirectCount++ -ge $MaxRedirectCount) {
    throw "Exceeded maximum redirect limit. Aborting."
}

System details

Windows version: 11

OS architecture: 64bit

PowerShell version: 7.4.0

Additional software: n/a

Scoop Configuration

{
  "last_update": "2023-12-14T08:10:26.1476726+01:00",
  "root_path": "C:\\scoop",
  "scoop_branch": "master",
  "scoop_repo": "https://github.com/ScoopInstaller/Scoop"
}

gitolicious, Dec 14 '23 08:12
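
Added example, not part of the original issue and not Scoop's own code: one way to bound redirect following as the issue proposes. It goes slightly beyond the proposed counter by also failing early when a URL repeats. Resolve-RedirectChain, the $GetLocation callback and the example.test URLs are hypothetical, constructed for illustration; the default of 20 is the aria2 limit cited in the issue.

```powershell
# Added illustration; Resolve-RedirectChain and $GetLocation are hypothetical names,
# not functions from Scoop's lib/install.ps1.
function Resolve-RedirectChain {
    param(
        [Parameter(Mandatory)] [string] $Url,
        # Returns the redirect target for a URL, or $null when the response is final.
        [Parameter(Mandatory)] [scriptblock] $GetLocation,
        [int] $MaxRedirectCount = 20   # the aria2 limit cited in the issue
    )
    $current = [Uri] $Url
    $seen = [System.Collections.Generic.HashSet[string]]::new()
    $redirectCount = 0
    while ($true) {
        # A URL seen twice can never terminate; fail before spending the whole budget.
        if (-not $seen.Add($current.AbsoluteUri)) {
            throw "Redirect loop detected at $($current.AbsoluteUri) after $redirectCount redirects. Aborting."
        }
        $location = & $GetLocation $current.AbsoluteUri
        if ([string]::IsNullOrEmpty($location)) {
            return [pscustomobject]@{ FinalUrl = $current.AbsoluteUri; Redirects = $redirectCount }
        }
        # Same check as proposed in the issue: bounds chains of distinct URLs too.
        if ($redirectCount++ -ge $MaxRedirectCount) {
            throw "Exceeded maximum redirect limit ($MaxRedirectCount). Aborting."
        }
        # Location may be relative; resolve it against the URL that issued the redirect.
        $current = [Uri]::new($current, [string] $location)
    }
}

# Constructed sample 1: two URLs that redirect to each other, like the log in the issue.
$loop = @{
    'https://downloads.example.test/app.exe'       = '/app.exe?__r=1'
    'https://downloads.example.test/app.exe?__r=1' = 'https://downloads.example.test/app.exe'
}
# Constructed sample 2: a server that always redirects to a fresh, never-repeating URL.
$endless = { param($u) "/app.exe?n=$([guid]::NewGuid())" }

foreach ($server in @({ param($u) $loop[$u] }, $endless)) {
    try {
        Resolve-RedirectChain -Url 'https://downloads.example.test/app.exe' -GetLocation $server -MaxRedirectCount 5
    } catch {
        Write-Host "Download aborted: $_"
    }
}
```

The visited-set check catches the alternating pattern from the log; the counter is still needed for servers that generate a new URL on every hop.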