refactor: update download_windows_server() based on Mido

2024-04-16 19:18:15 +01:00 · 2024-04-16 19:18:15 +01:00 · e017c2dfa6
parent 9c09fdb000
commit e017c2dfa6
1 changed files with 37 additions and 9 deletions
--- a/46
+++ b/46
@ -3449,11 +3449,17 @@ function download_windows_server() {

    local url="https://www.microsoft.com/en-us/evalcenter/download-$windows_version"

-    local iso_download_page_html="$(curl --silent --location --fail --proto =https --tlsv1.2 --http1.1 -- "$url")" || {
+    local iso_download_page_html="$(curl --silent --location --max-filesize 1M --fail --proto =https --tlsv1.2 --http1.1 -- "$url")" || {
        handle_curl_error $?
        return $?
    }

+    if ! [ "$iso_download_page_html" ]; then
+        # This should only happen if there's been some change to where this download page is located
+        echo " - Windows server download page gave us an empty response"
+        return 1
+    fi
+
    local CULTURE=""
    local COUNTRY=""
    local PRETTY_RELEASE=""
@ -3504,24 +3510,46 @@ function download_windows_server() {
            COUNTRY="US";;
    esac

-    iso_download_links="$(echo "$iso_download_page_html" | grep -o "https://go.microsoft.com/fwlink/p/?LinkID=[0-9]\+&clcid=0x[0-9a-z]\+&culture=$CULTURE&country=$COUNTRY" | head -c 1024)"
+    iso_download_links="$(echo "$iso_download_page_html" | grep -o "https://go.microsoft.com/fwlink/p/?LinkID=[0-9]\+&clcid=0x[0-9a-z]\+&culture=$CULTURE&country=$COUNTRY")" || {
+        # This should only happen if there's been some change to the download endpoint web address
+        echo "- Windows server download page gave us no download link"
+        return 1
+    }
+
+    # Limit untrusted size for input validation
+    iso_download_links="$(echo "$iso_download_links" | head -c 1024)"

    case "$enterprise_type" in
+        # Select x64 download link
+        "enterprise") iso_download_link=$(echo "$iso_download_links" | head -n 2 | tail -n 1) ;;
        # Select x64 LTSC download link
        "ltsc") iso_download_link=$(echo "$iso_download_links" | head -n 4 | tail -n 1) ;;
        *) iso_download_link="$iso_download_links" ;;
    esac

-    iso_download_link="$(curl --silent --location --output /dev/null --silent --write-out "%{url_effective}" --head --fail --proto =https --tlsv1.2 --http1.1 -- "$iso_download_link")"
+    # Follow redirect so proceeding log message is useful
+    # This is a request we make this Fido doesn't
+    # We don't need to set "--max-filesize" here because this is a HEAD request and the output is to /dev/null anyway
+    iso_download_link="$(curl --silent --location --output /dev/null --silent --write-out "%{url_effective}" --head --fail --proto =https --tlsv1.2 --http1.1 -- "$iso_download_link")" || {
+        # This should only happen if the Microsoft servers are down
+        handle_curl_error $?
+        return $?
+    }

-    if [ "${COUNTRY}" != "US" ]; then
-        echo Downloading $(pretty_name "${OS}") ${PRETTY_RELEASE} in "${LANG}" from "$iso_download_link"
-    else
-        echo Downloading $(pretty_name "${OS}") ${PRETTY_RELEASE} from "$iso_download_link"
-    fi
+    # Limit untrusted size for input validation
+    iso_download_link="$(echo "$iso_download_link" | head -c 1024)"

+    echo "Downloading $(pretty_name "${OS}") ${PRETTY_RELEASE} (${LANG}): $iso_download_link"
+
+    # Use highest TLS version for endpoints that support it
+    case "$iso_download_link" in
+        "https://download.microsoft.com"*) tls_version="1.2" ;;
+        *) tls_version="1.3" ;;
+    esac
+
+    # Download ISO
    FILE_NAME="${iso_download_link##*/}"
-    web_get "$iso_download_link" "${VM_PATH}" "${FILE_NAME}"
+    curl_windows "${VM_PATH}" "${FILE_NAME}" "$tls_version" "$iso_download_link"
    OS="windows-server"
 }