[security] fix vulnerability when handling remote file redirects

Also adds the ability for an admin to just completely disable this service if it is not needed on the node.

CHANGELOG.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## v1.2.3
+### Fixed
+* **[Security]** Fixes a remaining security vulnerability in the code handling remote file downloads for servers relating to redirect validation.
+
+### Added
+* Adds a configuration key at `api.disable_remote_download` that can be set to `true` to completely download the remote download system.
+
+## v1.2.2
+### Fixed
+* Reverts changes to logic handling blocking until a server process is done running when polling stats. This change exposed a bug in the underlying Docker system causing servers to enter a state in which Wings was unable to terminate the process and Docker commands would hang if executed against the container.
+
+### Changed
+* Adds logic to handle a console stream unexpectedly returning an EOF when reading console logs. New code should automatically re-attach the stream avoiding issues where the console would stop live updating for servers.
+
 ## v1.2.1
 ### Fixed
 * Fixes servers not be properly marked as no longer transfering if an error occurs during the archive process.

api/api.go

@@ -2,17 +2,18 @@ package api
 
 import (
 	"bytes"
-	"emperror.dev/errors"
 	"encoding/json"
 	"fmt"
-	"github.com/apex/log"
-	"github.com/pterodactyl/wings/config"
-	"github.com/pterodactyl/wings/system"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"strings"
 	"time"
+
+	"emperror.dev/errors"
+	"github.com/apex/log"
+	"github.com/pterodactyl/wings/config"
+	"github.com/pterodactyl/wings/system"
 )
 
 // Initializes the requester instance.

api/process_configuration.go

@@ -2,10 +2,11 @@ package api
 
 import (
 	"encoding/json"
-	"github.com/apex/log"
-	"github.com/pterodactyl/wings/parser"
 	"regexp"
 	"strings"
+
+	"github.com/apex/log"
+	"github.com/pterodactyl/wings/parser"
 )
 
 type OutputLineMatcher struct {

api/server_endpoints.go

@@ -4,11 +4,12 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"strconv"
+	"sync"
+
 	"github.com/apex/log"
 	"github.com/pterodactyl/wings/config"
 	"golang.org/x/sync/errgroup"
-	"strconv"
-	"sync"
 )
 
 const (

api/sftp_endpoints.go

@@ -1,9 +1,10 @@
 package api
 
 import (
+	"regexp"
+
 	"emperror.dev/errors"
 	"github.com/apex/log"
-	"regexp"
 )
 
 type SftpAuthRequest struct {

cmd/config_finder.go

@@ -1,9 +1,10 @@
 package cmd
 
 import (
-	"github.com/pterodactyl/wings/config"
 	"os"
 	"path/filepath"
+
+	"github.com/pterodactyl/wings/config"
 )
 
 // We've gone through a couple of iterations of where the configuration is stored. This

cmd/configure.go

@@ -4,10 +4,6 @@ import (
 	"crypto/tls"
 	"encoding/json"
 	"fmt"
-	"github.com/AlecAivazis/survey/v2"
-	"github.com/AlecAivazis/survey/v2/terminal"
-	"github.com/pterodactyl/wings/config"
-	"github.com/spf13/cobra"
 	"io/ioutil"
 	"net/http"
 	"net/url"
@@ -15,6 +11,11 @@ import (
 	"path"
 	"regexp"
 	"time"
+
+	"github.com/AlecAivazis/survey/v2"
+	"github.com/AlecAivazis/survey/v2/terminal"
+	"github.com/pterodactyl/wings/config"
+	"github.com/spf13/cobra"
 )
 
 var (

cmd/diagnostics.go

@@ -5,7 +5,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/pterodactyl/wings/environment"
 	"io"
 	"io/ioutil"
 	"net/http"
@@ -16,6 +15,8 @@ import (
 	"strings"
 	"time"
 
+	"github.com/pterodactyl/wings/environment"
+
 	"github.com/AlecAivazis/survey/v2"
 	"github.com/AlecAivazis/survey/v2/terminal"
 	"github.com/docker/docker/api/types"

cmd/root.go

@@ -2,8 +2,15 @@ package cmd
 
 import (
 	"crypto/tls"
-	"emperror.dev/errors"
 	"fmt"
+	log2 "log"
+	"net/http"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+
+	"emperror.dev/errors"
 	"github.com/NYTimes/logrotate"
 	"github.com/apex/log"
 	"github.com/apex/log/handlers/multi"
@@ -21,47 +28,54 @@ import (
 	"github.com/spf13/cobra"
 	"golang.org/x/crypto/acme"
 	"golang.org/x/crypto/acme/autocert"
-	"net/http"
-	"os"
-	"path"
-	"path/filepath"
-	"strings"
 )
 
 var (
-	profiler                = ""
-	configPath              = config.DefaultLocation
-	debug                   = false
-	useAutomaticTls         = false
-	tlsHostname             = ""
-	showVersion             = false
-	ignoreCertificateErrors = false
+	configPath = config.DefaultLocation
+	debug      = false
 )
 
-var root = &cobra.Command{
+var rootCommand = &cobra.Command{
 	Use:   "wings",
-	Short: "The wings of the pterodactyl game management panel",
-	Long:  ``,
+	Short: "Runs the API server allowing programatic control of game servers for Pterodactyl Panel.",
 	PreRun: func(cmd *cobra.Command, args []string) {
-		if useAutomaticTls && len(tlsHostname) == 0 {
-			fmt.Println("A TLS hostname must be provided when running wings with automatic TLS, e.g.:\n\n    ./wings --auto-tls --tls-hostname my.example.com")
-			os.Exit(1)
+		if tls, _ := cmd.Flags().GetBool("auto-tls"); tls {
+			if host, _ := cmd.Flags().GetString("tls-hostname"); host == "" {
+				fmt.Println("A TLS hostname must be provided when running wings with automatic TLS, e.g.:\n\n    ./wings --auto-tls --tls-hostname my.example.com")
+				os.Exit(1)
+			}
 		}
 	},
 	Run: rootCmdRun,
 }
 
-func init() {
-	root.PersistentFlags().BoolVar(&showVersion, "version", false, "show the version and exit")
-	root.PersistentFlags().StringVar(&configPath, "config", config.DefaultLocation, "set the location for the configuration file")
-	root.PersistentFlags().BoolVar(&debug, "debug", false, "pass in order to run wings in debug mode")
-	root.PersistentFlags().StringVar(&profiler, "profiler", "", "the profiler to run for this instance")
-	root.PersistentFlags().BoolVar(&useAutomaticTls, "auto-tls", false, "pass in order to have wings generate and manage it's own SSL certificates using Let's Encrypt")
-	root.PersistentFlags().StringVar(&tlsHostname, "tls-hostname", "", "required with --auto-tls, the FQDN for the generated SSL certificate")
-	root.PersistentFlags().BoolVar(&ignoreCertificateErrors, "ignore-certificate-errors", false, "if passed any SSL certificate errors will be ignored by wings")
+var versionCommand = &cobra.Command{
+	Use:   "version",
+	Short: "Prints the current executable version and exits.",
+	Run: func(cmd *cobra.Command, _ []string) {
+		fmt.Printf("wings v%s\nCopyright © 2018 - 2021 Dane Everitt & Contributors\n", system.Version)
+	},
+}
 
-	root.AddCommand(configureCmd)
-	root.AddCommand(diagnosticsCmd)
+func Execute() {
+	if err := rootCommand.Execute(); err != nil {
+		log2.Fatalf("failed to execute command: %s", err)
+	}
+}
+
+func init() {
+	rootCommand.PersistentFlags().StringVar(&configPath, "config", config.DefaultLocation, "set the location for the configuration file")
+	rootCommand.PersistentFlags().BoolVar(&debug, "debug", false, "pass in order to run wings in debug mode")
+
+	// Flags specifically used when running the API.
+	rootCommand.Flags().String("profiler", "", "the profiler to run for this instance")
+	rootCommand.Flags().Bool("auto-tls", false, "pass in order to have wings generate and manage it's own SSL certificates using Let's Encrypt")
+	rootCommand.Flags().String("tls-hostname", "", "required with --auto-tls, the FQDN for the generated SSL certificate")
+	rootCommand.Flags().Bool("ignore-certificate-errors", false, "ignore certificate verification errors when executing API calls")
+
+	rootCommand.AddCommand(versionCommand)
+	rootCommand.AddCommand(configureCmd)
+	rootCommand.AddCommand(diagnosticsCmd)
 }
 
 // Get the configuration path based on the arguments provided.
@@ -85,13 +99,8 @@ func readConfiguration() (*config.Configuration, error) {
 	return config.ReadConfiguration(p)
 }
 
-func rootCmdRun(*cobra.Command, []string) {
-	if showVersion {
-		fmt.Println(system.Version)
-		os.Exit(0)
-	}
-
-	switch profiler {
+func rootCmdRun(cmd *cobra.Command, _ []string) {
+	switch cmd.Flag("profiler").Value.String() {
 	case "cpu":
 		defer profile.Start(profile.CPUProfile).Stop()
 	case "mem":
@@ -117,7 +126,6 @@ func rootCmdRun(*cobra.Command, []string) {
 			if errors.Is(err, os.ErrNotExist) {
 				exitWithConfigurationNotice()
 			}
-
 			panic(err)
 		}
 	}
@@ -141,7 +149,7 @@ func rootCmdRun(*cobra.Command, []string) {
 		log.Debug("running in debug mode")
 	}
 
-	if ignoreCertificateErrors {
+	if ok, _ := cmd.Flags().GetBool("ignore-certificate-errors"); ok {
 		log.Warn("running with --ignore-certificate-errors: TLS certificate host chains and name will not be verified")
 		http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{
 			InsecureSkipVerify: true,
@@ -280,9 +288,15 @@ func rootCmdRun(*cobra.Command, []string) {
 		log.WithField("error", err).Error("failed to create backup directory")
 	}
 
+	autotls, _ := cmd.Flags().GetBool("auto-tls")
+	tlshostname, _ := cmd.Flags().GetString("tls-hostname")
+	if autotls && tlshostname == "" {
+		autotls = false
+	}
+
 	log.WithFields(log.Fields{
 		"use_ssl":      c.Api.Ssl.Enabled,
-		"use_auto_tls": useAutomaticTls && len(tlsHostname) > 0,
+		"use_auto_tls": autotls,
 		"host_address": c.Api.Host,
 		"host_port":    c.Api.Port,
 	}).Info("configuring internal webserver")
@@ -293,7 +307,6 @@ func rootCmdRun(*cobra.Command, []string) {
 	s := &http.Server{
 		Addr:    fmt.Sprintf("%s:%d", c.Api.Host, c.Api.Port),
 		Handler: r,
-
 		TLSConfig: &tls.Config{
 			NextProtos: []string{"h2", "http/1.1"},
 			// @see https://blog.cloudflare.com/exposing-go-on-the-internet
@@ -313,14 +326,14 @@ func rootCmdRun(*cobra.Command, []string) {
 	}
 
 	// Check if the server should run with TLS but using autocert.
-	if useAutomaticTls && len(tlsHostname) > 0 {
+	if autotls {
 		m := autocert.Manager{
 			Prompt:     autocert.AcceptTOS,
 			Cache:      autocert.DirCache(path.Join(c.System.RootDirectory, "/.tls-cache")),
-			HostPolicy: autocert.HostWhitelist(tlsHostname),
+			HostPolicy: autocert.HostWhitelist(tlshostname),
 		}
 
-		log.WithField("hostname", tlsHostname).
+		log.WithField("hostname", tlshostname).
 			Info("webserver is now listening with auto-TLS enabled; certificates will be automatically generated by Let's Encrypt")
 
 		// Hook autocert into the main http server.
@@ -336,7 +349,7 @@ func rootCmdRun(*cobra.Command, []string) {
 
 		// Start the main http server with TLS using autocert.
 		if err := s.ListenAndServeTLS("", ""); err != nil {
-			log.WithFields(log.Fields{"auto_tls": true, "tls_hostname": tlsHostname, "error": err}).
+			log.WithFields(log.Fields{"auto_tls": true, "tls_hostname": tlshostname, "error": err}).
 				Fatal("failed to configure HTTP server using auto-tls")
 		}
 
@@ -364,11 +377,6 @@ func rootCmdRun(*cobra.Command, []string) {
 	}
 }
 
-// Execute calls cobra to handle cli commands
-func Execute() error {
-	return root.Execute()
-}
-
 // Configures the global logger for Zap so that we can call it from any location
 // in the code without having to pass around a logger instance.
 func configureLogging(logDir string, debug bool) error {
@@ -379,20 +387,15 @@ func configureLogging(logDir string, debug bool) error {
 	p := filepath.Join(logDir, "/wings.log")
 	w, err := logrotate.NewFile(p)
 	if err != nil {
-		panic(errors.WithMessage(err, "failed to open process log file"))
+		return err
 	}
 
+	log.SetLevel(log.InfoLevel)
 	if debug {
 		log.SetLevel(log.DebugLevel)
-	} else {
-		log.SetLevel(log.InfoLevel)
 	}
 
-	log.SetHandler(multi.New(
-		cli.Default,
-		cli.New(w.File, false),
-	))
-
+	log.SetHandler(multi.New(cli.Default, cli.New(w.File, false)))
 	log.WithField("path", p).Info("writing log files to disk")
 
 	return nil
@@ -406,7 +409,7 @@ __ [blue][bold]Pterodactyl[reset] _____/___/_______ _______ ______
 \_____\    \/\/    /   /       /  __   /   ___/
    \___\          /   /   /   /  /_/  /___   /
         \___/\___/___/___/___/___    /______/
-                            /_______/ [bold]v%s[reset]
+                            /_______/ [bold]%s[reset]
 
 Copyright © 2018 - 2021 Dane Everitt & Contributors
 

config/config.go

@@ -1,12 +1,7 @@
 package config
 
 import (
-	"emperror.dev/errors"
 	"fmt"
-	"github.com/cobaugh/osrelease"
-	"github.com/creasty/defaults"
-	"github.com/gbrlsnchs/jwt/v3"
-	"gopkg.in/yaml.v2"
 	"io/ioutil"
 	"os"
 	"os/exec"
@@ -14,6 +9,12 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+
+	"emperror.dev/errors"
+	"github.com/cobaugh/osrelease"
+	"github.com/creasty/defaults"
+	"github.com/gbrlsnchs/jwt/v3"
+	"gopkg.in/yaml.v2"
 )
 
 const DefaultLocation = "/etc/pterodactyl/config.yml"
@@ -87,11 +88,16 @@ type ApiConfiguration struct {
 
 	// SSL configuration for the daemon.
 	Ssl struct {
-		Enabled         bool   `default:"false"`
+		Enabled         bool   `json:"enabled" yaml:"enabled"`
 		CertificateFile string `json:"cert" yaml:"cert"`
 		KeyFile         string `json:"key" yaml:"key"`
 	}
 
+	// Determines if functionality for allowing remote download of files into server directories
+	// is enabled on this instance. If set to "true" remote downloads will not be possible for
+	// servers.
+	DisableRemoteDownload bool `json:"disable_remote_download" yaml:"disable_remote_download"`
+
 	// The maximum size for files uploaded through the Panel in bytes.
 	UploadLimit int `default:"100" json:"upload_limit" yaml:"upload_limit"`
 }

config/config_docker.go

@@ -3,6 +3,7 @@ package config
 import (
 	"encoding/base64"
 	"encoding/json"
+
 	"github.com/docker/docker/api/types"
 )
 

config/config_system.go

@@ -2,9 +2,7 @@ package config
 
 import (
 	"context"
-	"emperror.dev/errors"
 	"fmt"
-	"github.com/apex/log"
 	"html/template"
 	"io/ioutil"
 	"os"
@@ -13,6 +11,9 @@ import (
 	"path/filepath"
 	"regexp"
 	"time"
+
+	"emperror.dev/errors"
+	"github.com/apex/log"
 )
 
 // Defines basic system configuration settings.

environment/allocations.go

@@ -2,9 +2,10 @@ package environment
 
 import (
 	"fmt"
+	"strconv"
+
 	"github.com/docker/go-connections/nat"
 	"github.com/pterodactyl/wings/config"
-	"strconv"
 )
 
 // Defines the allocations available for a given server. When using the Docker environment

environment/docker.go

@@ -2,10 +2,11 @@ package environment
 
 import (
 	"context"
-	"github.com/apex/log"
 	"strconv"
 	"sync"
 
+	"github.com/apex/log"
+
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/client"

environment/docker/container.go

@@ -26,6 +26,18 @@ type imagePullStatus struct {
 	Progress string `json:"progress"`
 }
 
+// A custom console writer that allows us to keep a function blocked until the
+// given stream is properly closed. This does nothing special, only exists to
+// make a noop io.Writer.
+type noopWriter struct{}
+
+var _ io.Writer = noopWriter{}
+
+// Implement the required Write function to satisfy the io.Writer interface.
+func (nw noopWriter) Write(b []byte) (int, error) {
+	return len(b), nil
+}
+
 // Attaches to the docker container itself and ensures that we can pipe data in and out
 // of the process stream. This should not be used for reading console data as you *will*
 // miss important output at the beginning because of the time delay with attaching to the
@@ -60,8 +72,8 @@ func (e *Environment) Attach() error {
 	go func() {
 		ctx, cancel := context.WithCancel(context.Background())
 		defer cancel()
+		defer e.stream.Close()
 		defer func() {
-			e.stream.Close()
 			e.SetState(environment.ProcessOfflineState)
 			e.SetStream(nil)
 		}()
@@ -78,24 +90,18 @@ func (e *Environment) Attach() error {
 
 		// Block the completion of this routine until the container is no longer running. This allows
 		// the pollResources function to run until it needs to be stopped. Because the container
-		// can be polled for resource usage, even when sropped, we need to have this logic present
+		// can be polled for resource usage, even when stopped, we need to have this logic present
 		// in order to cancel the context and therefore stop the routine that is spawned.
-		ok, err := e.client.ContainerWait(ctx, e.Id, container.WaitConditionNotRunning)
-		select {
-		case <-ctx.Done():
-			// Do nothing, the context was canceled by a different process, there is no error
-			// to report at this point.
-			e.log().Debug("terminating ContainerWait blocking process, context canceled")
-			return
-		case _ = <-err:
-			// An error occurred with the ContainerWait call, report it here and then hope
-			// for the fucking best I guess?
-			e.log().WithField("error", err).Error("error while blocking using ContainerWait")
-			return
-		case <-ok:
-			// Do nothing, everything is running as expected. This will allow us to keep
-			// blocking the termination of this function until the container stops at which
-			// point all of our deferred functions can run.
+		//
+		// For now, DO NOT use client#ContainerWait from the Docker package. There is a nasty
+		// bug causing containers to hang on deletion and cause servers to lock up on the system.
+		//
+		// This weird code isn't intuitive, but it keeps the function from ending until the container
+		// is stopped and therefore the stream reader ends up closed.
+		// @see https://github.com/moby/moby/issues/41827
+		c := new(noopWriter)
+		if _, err := io.Copy(c, e.stream.Reader); err != nil {
+			e.log().WithField("error", err).Error("could not copy from environment stream to noop writer")
 		}
 	}()
 
@@ -272,6 +278,8 @@ func (e *Environment) Destroy() error {
 		Force:         true,
 	})
 
+	e.SetState(environment.ProcessOfflineState)
+
 	// Don't trigger a destroy failure if we try to delete a container that does not
 	// exist on the system. We're just a step ahead of ourselves in that case.
 	//
@@ -280,8 +288,6 @@ func (e *Environment) Destroy() error {
 		return nil
 	}
 
-	e.SetState(environment.ProcessOfflineState)
-
 	return err
 }
 
@@ -307,19 +313,39 @@ func (e *Environment) followOutput() error {
 	if err != nil {
 		return err
 	}
-	go func(reader io.ReadCloser) {
-		defer reader.Close()
-		evts := e.Events()
-		err := system.ScanReader(reader, func(line string) {
-			evts.Publish(environment.ConsoleOutputEvent, line)
-		})
-		if err != nil && err != io.EOF {
-			log.WithField("error", err).WithField("container_id", e.Id).Warn("error processing scanner line in console output")
-		}
-	}(reader)
+
+	go e.scanOutput(reader)
+
 	return nil
 }
 
+func (e *Environment) scanOutput(reader io.ReadCloser) {
+	defer reader.Close()
+
+	events := e.Events()
+
+	err := system.ScanReader(reader, func(line string) {
+		events.Publish(environment.ConsoleOutputEvent, line)
+	})
+
+	if err != nil && err != io.EOF {
+		log.WithField("error", err).WithField("container_id", e.Id).Warn("error processing scanner line in console output")
+		return
+	}
+
+	// Return here if the server is offline or currently stopping.
+	if e.State() == environment.ProcessStoppingState || e.State() == environment.ProcessOfflineState {
+		return
+	}
+
+	// Close the current reader before starting a new one, the defer will still run
+	// but it will do nothing if we already closed the stream.
+	_ = reader.Close()
+
+	// Start following the output of the server again.
+	go e.followOutput()
+}
+
 // Pulls the image from Docker. If there is an error while pulling the image from the source
 // but the image already exists locally, we will report that error to the logger but continue
 // with the process.
@@ -403,9 +429,11 @@ func (e *Environment) ensureImageExists(image string) error {
 	// I'm not sure what the best approach here is, but this will block execution until the image
 	// is done being pulled, which is what we need.
 	scanner := bufio.NewScanner(out)
+
 	for scanner.Scan() {
 		s := imagePullStatus{}
 		fmt.Println(scanner.Text())
+
 		if err := json.Unmarshal(scanner.Bytes(), &s); err == nil {
 			e.Events().Publish(environment.DockerImagePullStatus, s.Status+" "+s.Progress)
 		}

environment/docker/environment.go

@@ -82,8 +82,9 @@ func (e *Environment) Type() string {
 // Set if this process is currently attached to the process.
 func (e *Environment) SetStream(s *types.HijackedResponse) {
 	e.mu.Lock()
+	defer e.mu.Unlock()
+
 	e.stream = s
-	e.mu.Unlock()
 }
 
 // Determine if the this process is currently attached to the container.
@@ -98,6 +99,7 @@ func (e *Environment) Events() *events.EventBus {
 	e.eventMu.Do(func() {
 		e.emitter = events.New()
 	})
+
 	return e.emitter
 }
 
@@ -174,12 +176,14 @@ func (e *Environment) Config() *environment.Configuration {
 // Sets the stop configuration for the environment.
 func (e *Environment) SetStopConfiguration(c api.ProcessStopConfiguration) {
 	e.mu.Lock()
+	defer e.mu.Unlock()
+
 	e.meta.Stop = c
-	e.mu.Unlock()
 }
 
 func (e *Environment) SetImage(i string) {
 	e.mu.Lock()
+	defer e.mu.Unlock()
+
 	e.meta.Image = i
-	e.mu.Unlock()
 }

environment/docker/power.go

@@ -20,10 +20,9 @@ import (
 //
 // This process will also confirm that the server environment exists and is in a bootable
 // state. This ensures that unexpected container deletion while Wings is running does
-// not result in the server becoming unbootable.
+// not result in the server becoming un-bootable.
 func (e *Environment) OnBeforeStart() error {
-	// Always destroy and re-create the server container to ensure that synced data from
-	// the Panel is usee.
+	// Always destroy and re-create the server container to ensure that synced data from the Panel is used.
 	if err := e.client.ContainerRemove(context.Background(), e.Id, types.ContainerRemoveOptions{RemoveVolumes: true}); err != nil {
 		if !client.IsErrNotFound(err) {
 			return errors.WithMessage(err, "failed to remove server docker container during pre-boot")
@@ -49,6 +48,7 @@ func (e *Environment) OnBeforeStart() error {
 // call to OnBeforeStart().
 func (e *Environment) Start() error {
 	sawError := false
+
 	// If sawError is set to true there was an error somewhere in the pipeline that
 	// got passed up, but we also want to ensure we set the server to be offline at
 	// that point.
@@ -235,7 +235,7 @@ func (e *Environment) Terminate(signal os.Signal) error {
 
 	sig := strings.TrimSuffix(strings.TrimPrefix(signal.String(), "signal "), "ed")
 
-	if err := e.client.ContainerKill(context.Background(), e.Id, sig); err != nil {
+	if err := e.client.ContainerKill(context.Background(), e.Id, sig); err != nil && !client.IsErrNotFound(err) {
 		return err
 	}
 

environment/docker/stream.go

@@ -19,8 +19,9 @@ var ErrNotAttached = errors.New("not attached to instance")
 
 func (e *Environment) setStream(s *types.HijackedResponse) {
 	e.mu.Lock()
+	defer e.mu.Unlock()
+
 	e.stream = s
-	e.mu.Unlock()
 }
 
 // Sends the specified command to the stdin of the running container instance. There is no
@@ -71,7 +72,7 @@ func (e *Environment) Readlog(lines int) ([]string, error) {
 // Docker stores the logs for server output in a JSON format. This function will iterate over the JSON
 // that was read from the log file and parse it into a more human readable format.
 func (e *Environment) parseLogToStrings(b []byte) ([]string, error) {
-	var hasError = false
+	hasError := false
 	var out []string
 
 	scanner := bufio.NewScanner(bytes.NewReader(b))

environment/environment.go

@@ -1,8 +1,9 @@
 package environment
 
 import (
-	"github.com/pterodactyl/wings/events"
 	"os"
+
+	"github.com/pterodactyl/wings/events"
 )
 
 const (

environment/settings.go

@@ -2,9 +2,10 @@ package environment
 
 import (
 	"fmt"
-	"github.com/apex/log"
 	"math"
 	"strconv"
+
+	"github.com/apex/log"
 )
 
 type Mount struct {

events/events.go

@@ -2,9 +2,10 @@ package events
 
 import (
 	"encoding/json"
-	"github.com/gammazero/workerpool"
 	"strings"
 	"sync"
+
+	"github.com/gammazero/workerpool"
 )
 
 type Event struct {

events/pool.go

@@ -1,8 +1,9 @@
 package events
 
 import (
-	"github.com/gammazero/workerpool"
 	"reflect"
+
+	"github.com/gammazero/workerpool"
 )
 
 type CallbackPool struct {

go.mod

@@ -63,6 +63,7 @@ require (
 	github.com/sabhiram/go-gitignore v0.0.0-20201211210132-54b8a0bf510f
 	github.com/sirupsen/logrus v1.7.0 // indirect
 	github.com/spf13/cobra v1.1.1
+	github.com/spf13/pflag v1.0.5
 	github.com/ugorji/go v1.2.2 // indirect
 	github.com/ulikunitz/xz v0.5.9 // indirect
 	golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad

installer/installer.go

@@ -1,8 +1,9 @@
 package installer
 
 import (
-	"emperror.dev/errors"
 	"encoding/json"
+
+	"emperror.dev/errors"
 	"github.com/asaskevich/govalidator"
 	"github.com/buger/jsonparser"
 	"github.com/pterodactyl/wings/api"

parser/helpers.go

@@ -2,16 +2,17 @@ package parser
 
 import (
 	"bytes"
-	"emperror.dev/errors"
-	"github.com/Jeffail/gabs/v2"
-	"github.com/apex/log"
-	"github.com/buger/jsonparser"
-	"github.com/iancoleman/strcase"
 	"io/ioutil"
 	"os"
 	"regexp"
 	"strconv"
 	"strings"
+
+	"emperror.dev/errors"
+	"github.com/Jeffail/gabs/v2"
+	"github.com/apex/log"
+	"github.com/buger/jsonparser"
+	"github.com/iancoleman/strcase"
 )
 
 // Regex to match anything that has a value matching the format of {{ config.$1 }} which

parser/parser.go

@@ -2,8 +2,14 @@ package parser
 
 import (
 	"bufio"
-	"emperror.dev/errors"
 	"encoding/json"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+
+	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/beevik/etree"
 	"github.com/buger/jsonparser"
@@ -12,11 +18,6 @@ import (
 	"github.com/pterodactyl/wings/config"
 	"gopkg.in/ini.v1"
 	"gopkg.in/yaml.v2"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
 )
 
 // The file parsing options that are available for a server configuration file.

router/downloader/downloader.go

@@ -18,7 +18,22 @@ import (
 	"time"
 )
 
-var client = &http.Client{Timeout: time.Hour * 12}
+var client = &http.Client{
+	Timeout: time.Hour * 12,
+	// Disallow any redirect on a HTTP call. This is a security requirement: do not modify
+	// this logic without first ensuring that the new target location IS NOT within the current
+	// instance's local network.
+	//
+	// This specific error response just causes the client to not follow the redirect and
+	// returns the actual redirect response to the caller. Not perfect, but simple and most
+	// people won't be using URLs that redirect anyways hopefully?
+	//
+	// We'll re-evaluate this down the road if needed.
+	CheckRedirect: func(req *http.Request, via []*http.Request) error {
+		return http.ErrUseLastResponse
+	},
+}
+
 var instance = &Downloader{
 	// Tracks all of the active downloads.
 	downloadCache: make(map[string]*Download),

router/error.go

@@ -1,16 +1,17 @@
 package router
 
 import (
-	"emperror.dev/errors"
 	"fmt"
+	"net/http"
+	"os"
+	"strings"
+
+	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
 	"github.com/pterodactyl/wings/server"
 	"github.com/pterodactyl/wings/server/filesystem"
-	"net/http"
-	"os"
-	"strings"
 )
 
 type RequestError struct {

router/middleware.go

@@ -1,14 +1,15 @@
 package router
 
 import (
+	"io"
+	"net/http"
+	"strings"
+
 	"emperror.dev/errors"
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/server"
-	"io"
-	"net/http"
-	"strings"
 )
 
 type Middleware struct{}
@@ -119,6 +120,21 @@ func (m *Middleware) ServerExists() gin.HandlerFunc {
 	}
 }
 
+// Checks if remote file downloading is enabled on this instance before allowing access
+// to the given endpoint.
+func (m *Middleware) CheckRemoteDownloadEnabled() gin.HandlerFunc {
+	disabled := config.Get().Api.DisableRemoteDownload
+	return func(c *gin.Context) {
+		if disabled {
+			c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{
+				"error": "This functionality is not currently enabled on this instance.",
+			})
+			return
+		}
+		c.Next()
+	}
+}
+
 // Returns the server instance from the gin context. If there is no server set in the
 // context (e.g. calling from a controller not protected by ServerExists) this function
 // will panic.

router/router.go

@@ -88,9 +88,9 @@ func Configure() *gin.Engine {
 			files.POST("/decompress", postServerDecompressFiles)
 			files.POST("/chmod", postServerChmodFile)
 
-			files.GET("/pull", getServerPullingFiles)
-			files.POST("/pull", postServerPullRemoteFile)
-			files.DELETE("/pull/:download", deleteServerPullRemoteFile)
+			files.GET("/pull", m.CheckRemoteDownloadEnabled(), getServerPullingFiles)
+			files.POST("/pull", m.CheckRemoteDownloadEnabled(), postServerPullRemoteFile)
+			files.DELETE("/pull/:download", m.CheckRemoteDownloadEnabled(), deleteServerPullRemoteFile)
 		}
 
 		backup := server.Group("/backup")

router/router_download.go

@@ -3,12 +3,13 @@ package router
 import (
 	"bufio"
 	"errors"
-	"github.com/gin-gonic/gin"
-	"github.com/pterodactyl/wings/router/tokens"
-	"github.com/pterodactyl/wings/server/backup"
 	"net/http"
 	"os"
 	"strconv"
+
+	"github.com/gin-gonic/gin"
+	"github.com/pterodactyl/wings/router/tokens"
+	"github.com/pterodactyl/wings/server/backup"
 )
 
 // Handle a download request for a server backup.

router/router_server.go

@@ -3,15 +3,16 @@ package router
 import (
 	"bytes"
 	"context"
+	"net/http"
+	"os"
+	"strconv"
+
 	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/gin-gonic/gin"
 	"github.com/pterodactyl/wings/router/downloader"
 	"github.com/pterodactyl/wings/router/tokens"
 	"github.com/pterodactyl/wings/server"
-	"net/http"
-	"os"
-	"strconv"
 )
 
 type serverProcData struct {

router/router_server_backup.go

@@ -1,13 +1,14 @@
 package router
 
 import (
-	"emperror.dev/errors"
 	"fmt"
+	"net/http"
+	"os"
+
+	"emperror.dev/errors"
 	"github.com/gin-gonic/gin"
 	"github.com/pterodactyl/wings/server"
 	"github.com/pterodactyl/wings/server/backup"
-	"net/http"
-	"os"
 )
 
 // Backs up a server.

router/router_server_ws.go

@@ -3,10 +3,11 @@ package router
 import (
 	"context"
 	"encoding/json"
+	"time"
+
 	"github.com/gin-gonic/gin"
 	ws "github.com/gorilla/websocket"
 	"github.com/pterodactyl/wings/router/websocket"
-	"time"
 )
 
 // Upgrades a connection to a websocket and passes events along between.

router/router_system.go

@@ -2,14 +2,15 @@ package router
 
 import (
 	"bytes"
+	"net/http"
+	"strings"
+
 	"github.com/apex/log"
 	"github.com/gin-gonic/gin"
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/installer"
 	"github.com/pterodactyl/wings/server"
 	"github.com/pterodactyl/wings/system"
-	"net/http"
-	"strings"
 )
 
 // Returns information about the system that wings is running on.

router/router_transfer.go

@@ -3,10 +3,19 @@ package router
 import (
 	"bufio"
 	"crypto/sha256"
-	"emperror.dev/errors"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+	"sync/atomic"
+	"time"
+
+	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
@@ -19,14 +28,6 @@ import (
 	"github.com/pterodactyl/wings/router/tokens"
 	"github.com/pterodactyl/wings/server"
 	"github.com/pterodactyl/wings/system"
-	"io"
-	"net/http"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
-	"sync/atomic"
-	"time"
 )
 
 // Number of ticks in the progress bar

server/archiver.go

@@ -2,15 +2,16 @@ package server
 
 import (
 	"crypto/sha256"
-	"emperror.dev/errors"
 	"encoding/hex"
-	"github.com/mholt/archiver/v3"
-	"github.com/pterodactyl/wings/config"
-	"github.com/pterodactyl/wings/server/filesystem"
 	"io"
 	"io/ioutil"
 	"os"
 	"path/filepath"
+
+	"emperror.dev/errors"
+	"github.com/mholt/archiver/v3"
+	"github.com/pterodactyl/wings/config"
+	"github.com/pterodactyl/wings/server/filesystem"
 )
 
 // Archiver represents a Server Archiver.

server/backup.go

@@ -1,12 +1,13 @@
 package server
 
 import (
+	"io/ioutil"
+	"os"
+
 	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/pterodactyl/wings/api"
 	"github.com/pterodactyl/wings/server/backup"
-	"io/ioutil"
-	"os"
 )
 
 // Notifies the panel of a backup's state and returns an error if one is encountered

server/config_parser.go

@@ -1,8 +1,9 @@
 package server
 
 import (
-	"github.com/gammazero/workerpool"
 	"runtime"
+
+	"github.com/gammazero/workerpool"
 )
 
 // Parent function that will update all of the defined configuration files for a server

server/configuration.go

@@ -1,8 +1,9 @@
 package server
 
 import (
-	"github.com/pterodactyl/wings/environment"
 	"sync"
+
+	"github.com/pterodactyl/wings/environment"
 )
 
 type Configuration struct {

server/console.go

@@ -2,14 +2,15 @@ package server
 
 import (
 	"context"
-	"emperror.dev/errors"
 	"fmt"
-	"github.com/mitchellh/colorstring"
-	"github.com/pterodactyl/wings/config"
-	"github.com/pterodactyl/wings/system"
 	"sync"
 	"sync/atomic"
 	"time"
+
+	"emperror.dev/errors"
+	"github.com/mitchellh/colorstring"
+	"github.com/pterodactyl/wings/config"
+	"github.com/pterodactyl/wings/system"
 )
 
 var ErrTooMuchConsoleData = errors.New("console is outputting too much data")
@@ -114,7 +115,7 @@ func (ct *ConsoleThrottler) Increment(onTrigger func()) error {
 func (s *Server) Throttler() *ConsoleThrottler {
 	s.throttleOnce.Do(func() {
 		s.throttler = &ConsoleThrottler{
-			isThrottled: system.NewAtomicBool(false),
+			isThrottled:      system.NewAtomicBool(false),
 			ConsoleThrottles: config.Get().Throttles,
 		}
 	})

server/crash.go

@@ -2,11 +2,12 @@ package server
 
 import (
 	"fmt"
-	"github.com/pterodactyl/wings/config"
-	"github.com/pterodactyl/wings/environment"
 	"strconv"
 	"sync"
 	"time"
+
+	"github.com/pterodactyl/wings/config"
+	"github.com/pterodactyl/wings/environment"
 )
 
 type CrashHandler struct {

server/filesystem.go

@@ -1,8 +1,9 @@
 package server
 
 import (
-	"github.com/pterodactyl/wings/server/filesystem"
 	"os"
+
+	"github.com/pterodactyl/wings/server/filesystem"
 )
 
 func (s *Server) Filesystem() *filesystem.Filesystem {

server/install.go

@@ -4,6 +4,13 @@ import (
 	"bufio"
 	"bytes"
 	"context"
+	"html/template"
+	"io"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+
 	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/docker/docker/api/types"
@@ -14,12 +21,6 @@ import (
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
 	"github.com/pterodactyl/wings/system"
-	"html/template"
-	"io"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
 )
 
 // Executes the installation stack for a server process. Bubbles any errors up to the calling

server/listeners.go

@@ -2,14 +2,15 @@ package server
 
 import (
 	"encoding/json"
+	"regexp"
+	"strconv"
+	"sync"
+
 	"github.com/apex/log"
 	"github.com/pterodactyl/wings/api"
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
 	"github.com/pterodactyl/wings/events"
-	"regexp"
-	"strconv"
-	"sync"
 )
 
 var dockerEvents = []string{
@@ -64,9 +65,11 @@ func (s *Server) StartEventListeners() {
 			// to terminate again.
 			if s.Environment.State() != environment.ProcessStoppingState {
 				s.Environment.SetState(environment.ProcessStoppingState)
+
 				go func() {
 					s.Log().Warn("stopping server instance, violating throttle limits")
 					s.PublishConsoleOutputFromDaemon("Your server is being stopped for outputting too much data in a short period of time.")
+
 					// Completely skip over server power actions and terminate the running instance. This gives the
 					// server 15 seconds to finish stopping gracefully before it is forcefully terminated.
 					if err := s.Environment.WaitForStop(config.Get().Throttles.StopGracePeriod, true); err != nil {

server/loader.go

@@ -1,9 +1,14 @@
 package server
 
 import (
-	"emperror.dev/errors"
 	"encoding/json"
 	"fmt"
+	"os"
+	"path/filepath"
+	"runtime"
+	"time"
+
+	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/gammazero/workerpool"
 	"github.com/pterodactyl/wings/api"
@@ -11,10 +16,6 @@ import (
 	"github.com/pterodactyl/wings/environment"
 	"github.com/pterodactyl/wings/environment/docker"
 	"github.com/pterodactyl/wings/server/filesystem"
-	"os"
-	"path/filepath"
-	"runtime"
-	"time"
 )
 
 var servers = NewCollection(nil)

server/mounts.go

@@ -1,11 +1,12 @@
 package server
 
 import (
+	"path/filepath"
+	"strings"
+
 	"github.com/apex/log"
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
-	"path/filepath"
-	"strings"
 )
 
 // To avoid confusion when working with mounts, assume that a server.Mount has not been properly

server/power.go

@@ -2,12 +2,13 @@ package server
 
 import (
 	"context"
+	"os"
+	"time"
+
 	"emperror.dev/errors"
 	"github.com/pterodactyl/wings/config"
 	"github.com/pterodactyl/wings/environment"
 	"golang.org/x/sync/semaphore"
-	"os"
-	"time"
 )
 
 type PowerAction string

server/resources.go

@@ -1,10 +1,11 @@
 package server
 
 import (
-	"github.com/pterodactyl/wings/environment"
-	"github.com/pterodactyl/wings/system"
 	"sync"
 	"sync/atomic"
+
+	"github.com/pterodactyl/wings/environment"
+	"github.com/pterodactyl/wings/system"
 )
 
 // Defines the current resource usage for a given server instance. If a server is offline you

server/server.go

@@ -2,8 +2,11 @@ package server
 
 import (
 	"context"
-	"emperror.dev/errors"
 	"fmt"
+	"strings"
+	"sync"
+
+	"emperror.dev/errors"
 	"github.com/apex/log"
 	"github.com/creasty/defaults"
 	"github.com/pterodactyl/wings/api"
@@ -14,8 +17,6 @@ import (
 	"github.com/pterodactyl/wings/server/filesystem"
 	"github.com/pterodactyl/wings/system"
 	"golang.org/x/sync/semaphore"
-	"strings"
-	"sync"
 )
 
 // High level definition for a server instance being controlled by Wings.

server/state.go

@@ -2,12 +2,13 @@ package server
 
 import (
 	"encoding/json"
-	"github.com/pterodactyl/wings/config"
-	"github.com/pterodactyl/wings/environment"
 	"io"
 	"io/ioutil"
 	"os"
 	"sync"
+
+	"github.com/pterodactyl/wings/config"
+	"github.com/pterodactyl/wings/environment"
 )
 
 var stateMutex sync.Mutex

server/update.go

@@ -1,8 +1,9 @@
 package server
 
 import (
-	"emperror.dev/errors"
 	"encoding/json"
+
+	"emperror.dev/errors"
 	"github.com/buger/jsonparser"
 	"github.com/imdario/mergo"
 	"github.com/pterodactyl/wings/environment"

server/websockets.go

@@ -2,8 +2,9 @@ package server
 
 import (
 	"context"
-	"github.com/google/uuid"
 	"sync"
+
+	"github.com/google/uuid"
 )
 
 type WebsocketBag struct {

sftp/handler.go

@@ -1,14 +1,15 @@
 package sftp
 
 import (
-	"github.com/apex/log"
-	"github.com/patrickmn/go-cache"
-	"github.com/pkg/sftp"
 	"io"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"sync"
+
+	"github.com/apex/log"
+	"github.com/patrickmn/go-cache"
+	"github.com/pkg/sftp"
 )
 
 type FileSystem struct {

sftp/server.go

@@ -6,11 +6,6 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
-	"github.com/apex/log"
-	"github.com/patrickmn/go-cache"
-	"github.com/pkg/sftp"
-	"github.com/pterodactyl/wings/api"
-	"golang.org/x/crypto/ssh"
 	"io"
 	"io/ioutil"
 	"net"
@@ -18,6 +13,12 @@ import (
 	"path"
 	"strings"
 	"time"
+
+	"github.com/apex/log"
+	"github.com/patrickmn/go-cache"
+	"github.com/pkg/sftp"
+	"github.com/pterodactyl/wings/api"
+	"golang.org/x/crypto/ssh"
 )
 
 type Settings struct {

system/system.go

@@ -1,8 +1,9 @@
 package system
 
 import (
-	"github.com/docker/docker/pkg/parsers/kernel"
 	"runtime"
+
+	"github.com/docker/docker/pkg/parsers/kernel"
 )
 
 type Information struct {