From 4120930ac19ab7296818fdc1d1389e7799168867 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Tue, 22 Mar 2022 22:47:33 +0100
Subject: [PATCH] fetchClosure: Only allow some "safe" store types

---
 src/libexpr/primops/fetchClosure.cc | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/libexpr/primops/fetchClosure.cc b/src/libexpr/primops/fetchClosure.cc
index c3f07b6d6..247bceb07 100644
--- a/src/libexpr/primops/fetchClosure.cc
+++ b/src/libexpr/primops/fetchClosure.cc
@@ -1,6 +1,7 @@
 #include "primops.hh"
 #include "store-api.hh"
 #include "make-content-addressed.hh"
+#include "url.hh"
 
 namespace nix {
 
@@ -50,8 +51,15 @@ static void prim_fetchClosure(EvalState & state, const Pos & pos, Value * * args
             .errPos = pos
         });
 
-    // FIXME: only allow some "trusted" store types (like BinaryCacheStore).
-    auto fromStore = openStore(*fromStoreUrl);
+    auto parsedURL = parseURL(*fromStoreUrl);
+
+    if (parsedURL.scheme != "http" && parsedURL.scheme != "https")
+        throw Error({
+            .msg = hintfmt("'fetchClosure' only supports http:// and https:// stores"),
+            .errPos = pos
+        });
+
+    auto fromStore = openStore(parsedURL.to_string());
 
     if (toCA) {
         if (!toPath || !state.store->isValidPath(*toPath)) {