feat: add WINRM logic#309
Conversation
|
💬 Discussion in Slack: #pr-review-cli-309-feat-add-winrm-logic Posted by Review Police — reviews, comments, new commits, and CI failures will stream into this channel. |
|
| Filename | Overview |
|---|---|
| packages/gateway-v2/winrm_handler.go | New HTTP mux handler dispatching WinRM operations. Has a silent json.Unmarshal error discard in handleWinrmTest that falls back to plain HTTP, unlike handleWinrmDeliver/Remove. The Insecure TLS flag is request-body-controlled. |
| packages/gateway-v2/winrm/winrm.go | New package implementing WinRM file delivery via PowerShell. Path escaping via psSingleQuote is correct; base64 chunking avoids command-line length limits. No injection vulnerabilities found. |
| packages/gateway-v2/gateway.go | Adds WINRM forward mode and ALPN protocol registration, following the same pattern as ADCS. Host/port pinned to signed X.509 certificate extension — no SSRF risk. |
| packages/gateway-v2/winrm/winrm_transport_test.go | Tests cover transport decorator selection, global parameter mutation guard, and concurrent client creation. Good coverage for the critical transport logic. |
| packages/cmd/relay.go | Adds --organization-slug flag to the relay start command. Straightforward flag registration following the existing pattern. |
| go.mod | Adds github.com/masterzen/winrm and transitive dependencies (bodgit/ntlmssp, simplexml, goxpath). gopkg.in/ini.v1 promoted from indirect to direct. |
Comments Outside Diff (1)
-
packages/gateway-v2/winrm_handler.go, line 837-845 (link)Silent unmarshal failure changes transport security mode
handleWinrmTestdiscards thejson.Unmarshalerror with_ =, so if the control plane sends malformed or unexpected params (e.g."useHttps"with a non-boolean value),tpsilently stays at its zero value (UseHTTPS: false). The test then connects over plain HTTP instead of the intended HTTPS without any indication to the caller.handleWinrmDeliverandhandleWinrmRemoveboth propagate the unmarshal error;handleWinrmTestshould do the same.
Reviews (1): Last reviewed commit: "feat: Add WINRM logic" | Re-trigger Greptile
PR overviewThis pull request adds WinRM support to the gateway, including logic for connecting to Windows hosts and handling WinRM command or response flows. There is one remaining security concern around WinRM response handling: a malicious or misbehaving target could stream an unbounded response body and keep consuming gateway memory beyond the intended handler deadline. Two issues have already been addressed, so the review is trending in the right direction, but this remaining denial-of-service risk should be bounded with response-size limits and proper request cancellation. Open issues (1)
Fixed/addressed: 2 · PR risk: 6/10 |
Description 📣
This PR adds support for delivering certificates to Windows machines over WinRM (Windows Remote Management). Until now, the Infisical gateway could reach Windows-based certificate authorities but couldn't push certificate files directly onto Windows hosts.
With this change, the gateway can securely connect to a Windows machine, verify it's reachable, write certificate files to it, and remove them when needed, all on behalf of Infisical's platform, which sits outside the customer's network and can't talk to those machines directly.
Connections are encrypted end to end (either through Windows' built-in message encryption over standard connections or through TLS for secured ones), and the target machine is always determined by Infisical's signed configuration rather than the request itself, so it can't be pointed at an unintended host.
Type ✨
Tests 🛠️
# Here's some code block to paste some code snippets