* fix(msteams): add SSRF validation to file consent upload URL
The uploadToConsentUrl() function previously accepted any URL from the
fileConsent/invoke response without validation. A malicious Teams tenant
user could craft an invoke activity with an attacker-controlled uploadUrl,
causing the bot to PUT file data to arbitrary destinations (SSRF).
This commit adds validateConsentUploadUrl() which enforces:
1. HTTPS-only protocol
2. Hostname must match a strict allowlist of Microsoft/SharePoint
domains (sharepoint.com, graph.microsoft.com, onedrive.com, etc.)
3. DNS resolution check rejects private/reserved IPs (RFC 1918,
loopback, link-local) to prevent DNS rebinding attacks
The CONSENT_UPLOAD_HOST_ALLOWLIST is intentionally narrower than the
existing DEFAULT_MEDIA_HOST_ALLOWLIST, excluding overly broad domains
like blob.core.windows.net and trafficmanager.net that any Azure
customer can create endpoints under.
Includes 47 tests covering IPv4/IPv6 private IP detection, protocol
enforcement, hostname allowlist matching, DNS failure handling, and
end-to-end upload validation.
* fix(msteams): validate all DNS answers for consent uploads
* fix(msteams): restore changelog header
---------
Co-authored-by: Brad Groux <bradgroux@users.noreply.github.com>
When chunks_vec cannot be updated (sqlite-vec extension not loaded),
the memory index now emits an error-level warning instead of silently
reporting success.
Before this change: 'Memory index updated (hull).' was emitted even
when the vector index (chunks_vec) was not updated due to sqlite-vec
being unavailable. This masked silent vector recall degradation.
After this change:
- If vector.enabled=true and vector.available=false: emits
'Memory index WARNING (agentId): chunks_vec not updated — sqlite-vec
unavailable: <reason>. Vector recall degraded.'
- If vector is healthy: emits normal success message unchanged
- Per-file warning also emitted in writeChunks when chunks are written
without vector embeddings
Fixes: HELM-0251 (local dist patch — this makes it update-safe)
Related: HELM-0252 (this PR)
Remote browser profiles can pass HTTP reachability while Browser.getVersion on the CDP websocket is still warming up right after restart. Add one retry in ensureBrowserAvailable for remote CDP profiles and cover it with a regression test.
Fixes#57397
Co-authored-by: ThanhNguyxn <thanhnguyentuan2007@gmail.com>
