vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-18 20:04:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
99dfb8291f1cd6f201e10144a16c3372f3467b8f
openclaw/src/shared
History
Kaspre 44840007d4 fix(agents): scope custom provider baseUrl SSRF trust by origin (#80751) 
* fix(agents): scope provider SSRF trust by origin

* fix(provider): preserve explicit private-network deny

* docs(provider): document exact-origin SSRF trust

* test(provider): cover exact-origin SSRF edges

* docs(provider): align local model private-origin guidance

* refactor(ssrf): keep policy merging in infra

* test(ssrf): cover exact-origin trust through guard

* test(ssrf): block sibling private-origin redirects

* fix(provider): keep loopback trust origin-scoped

* fix(provider): block metadata origin trust

* fix(ssrf): keep metadata rebinding blocked

* fix(ssrf): block cloud metadata origins

* fix(ssrf): block ipv6 metadata origins

* fix(ssrf): block embedded metadata origins

* test(ssrf): cover embedded link-local metadata

* test(provider): cover custom anthropic proxy classification

* test(provider): widen transport policy mock

* test(plugin-sdk): assert metadata-IP allowedOrigins entries are rejected

Plugin authors can construct an SsrFPolicy that lists any well-formed
http(s) origin in allowedOrigins. The abuse-resistance lives one layer
deeper, in resolvePinnedHostnameWithPolicy's metadata/link-local block.
Add an SDK-level smoke test asserting that contract directly:

- AWS/Alibaba IMDS IPv4 literals, GCP metadata canonical hostname,
  IPv6 ULA metadata literal, and non-metadata link-local IPv4 entries
  build a policy via ssrfPolicyFromHttpBaseUrlAllowedOrigin and are
  then rejected at resolvePinnedHostnameWithPolicy.
- DNS rebinding from a trusted private DNS origin to a metadata IP is
  rejected even when the request hostname is origin-trusted.

This would fail if the SDK helper or resolveSsrFPolicyForUrl ever
short-circuited past the metadata block.

* chore(docs): regenerate baselines after upstream rebase

upstream/main moved between rebases; the merged source state for the
PR's `src/config/schema.help.ts` change and the upstream plugin-sdk
surface changes both produce different hashes than the committed
baselines, so `config:docs:check` and `plugin-sdk:api:check` would fail.

Regenerated via `pnpm config:docs:gen` + `pnpm plugin-sdk:api:gen` on
Crabbox; both baselines verified with their respective `--check`
generators.

* test(plugin-sdk): assert SSRF blocked error class

* fix(lint): satisfy exact-origin PR lint rules

* docs: clarify custom provider origin trust

* chore(docs): refresh plugin sdk api baseline

---------

Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-05-15 11:00:29 +01:00
..
net
fix(agents): scope custom provider baseUrl SSRF trust by origin (#80751)
2026-05-15 11:00:29 +01:00
text
fix: strip workflow function responses from replies
2026-05-15 09:57:44 +01:00
agent-run-status.test.ts
refactor: centralize agent run pending status
2026-05-05 18:21:58 +01:00
agent-run-status.ts
refactor: centralize agent run pending status
2026-05-05 18:21:58 +01:00
assistant-error-format.ts
Handle generic provider internal errors (#49401)
2026-05-12 23:58:27 +03:00
assistant-identity-values.test.ts
assistant-identity-values.ts
avatar-policy.test.ts
avatar-policy.ts
[codex] Extract filesystem safety primitives (#77918)
2026-05-06 02:15:17 +01:00
balanced-json.ts
chat-content.test.ts
chat-content.ts
chat-envelope.test.ts
chat-envelope.ts
chore(channels): remove bluebubbles bundled surface
2026-05-07 12:52:48 -07:00
chat-message-content.test.ts
chat-message-content.ts
config-eval.test.ts
config-eval.ts
config-ui-hints-types.ts
custom-command-config.ts
device-auth-store.test.ts
Revert "refactor: move runtime state to SQLite"
2026-05-13 13:33:38 +01:00
device-auth-store.ts
Revert "refactor: move runtime state to SQLite"
2026-05-13 13:33:38 +01:00
device-auth.test.ts
test: tighten shared empty array assertions
2026-05-09 05:37:51 +01:00
device-auth.ts
device-bootstrap-profile.test.ts
Require approval for setup-code device pairing [AI] (#81292)
2026-05-13 18:48:44 +05:30
device-bootstrap-profile.ts
Require approval for setup-code device pairing [AI] (#81292)
2026-05-13 18:48:44 +05:30
device-pairing-access.test.ts
device-pairing-access.ts
entry-metadata.test.ts
test: tighten shared empty object assertions
2026-05-09 04:13:56 +01:00
entry-metadata.ts
entry-status.test.ts
test: tighten registry empty array assertions
2026-05-09 05:40:02 +01:00
entry-status.ts
frontmatter.test.ts
test: tighten shared empty array assertions
2026-05-09 05:37:51 +01:00
frontmatter.ts
gateway-bind-url.test.ts
gateway-bind-url.ts
gateway-method-policy.ts
refactor: hide core helper internals
2026-05-02 08:47:11 +01:00
global-singleton.test.ts
global-singleton.ts
google-models.ts
google-turn-ordering.ts
Revert "refactor: move runtime state to SQLite"
2026-05-13 13:33:38 +01:00
human-list.ts
import-specifier.ts
fix(agents): normalize Windows runtime imports (#72731)
2026-04-27 10:34:25 +01:00
json-schema.types.ts
lazy-promise.test.ts
refactor: unify lazy module loaders
2026-05-02 10:15:25 +01:00
lazy-promise.ts
refactor: unify lazy module loaders
2026-05-02 10:15:25 +01:00
lazy-runtime.ts
listeners.ts
message-content-blocks.ts
model-param-b.test.ts
model-param-b.ts
node-list-parse.test.ts
test: tighten shared empty array assertions
2026-05-09 05:37:51 +01:00
node-list-parse.ts
node-list-types.ts
feat: add authenticated iOS background presence beacon (#73330)
2026-04-28 08:10:35 +01:00
node-match.test.ts
test: tighten registry empty array assertions
2026-05-09 05:40:02 +01:00
node-match.ts
node-presence.ts
refactor: hide shared constants
2026-05-02 08:29:21 +01:00
node-resolve.test.ts
node-resolve.ts
number-coercion.ts
fix: carry transcript update sequence
2026-05-14 08:59:31 +01:00
operator-scope-compat.test.ts
operator-scope-compat.ts
pid-alive.test.ts
fix(auth): reclaim zombie-owned stale locks
2026-05-14 08:49:00 +01:00
pid-alive.ts
fix(auth): reclaim zombie-owned stale locks
2026-05-14 08:49:00 +01:00
record-coerce.test.ts
record-coerce.ts
regexp.ts
requirements.test.ts
test: tighten shared empty array assertions
2026-05-09 05:37:51 +01:00
requirements.ts
runtime-import.test.ts
fix(agents): normalize Windows runtime imports (#72731)
2026-04-27 10:34:25 +01:00
runtime-import.ts
fix(agents): normalize Windows runtime imports (#72731)
2026-04-27 10:34:25 +01:00
scoped-expiring-id-cache.ts
session-types.ts
fix(sessions): report ACP-runtime metadata for ACP-keyed sessions
2026-05-13 19:03:50 -07:00
session-usage-timeseries-types.ts
silent-reply-policy.test.ts
Revert "refactor: move runtime state to SQLite"
2026-05-13 13:33:38 +01:00
silent-reply-policy.ts
Revert "refactor: move runtime state to SQLite"
2026-05-13 13:33:38 +01:00
string-coerce.ts
string-normalization.test.ts
test: tighten registry empty array assertions
2026-05-09 05:40:02 +01:00
string-normalization.ts
fix(shared): preserve unicode slug labels
2026-04-28 21:56:56 -07:00
string-sample.test.ts
string-sample.ts
subagents-format.test.ts
subagents-format.ts
tailscale-status.test.ts
tailscale-status.ts
text-chunking.test.ts
test: tighten shared empty array assertions
2026-05-09 05:37:51 +01:00
text-chunking.ts
thread-binding-lifecycle.test.ts
thread-binding-lifecycle.ts
usage-aggregates.test.ts
test: tighten registry empty array assertions
2026-05-09 05:40:02 +01:00
usage-aggregates.ts
usage-types.ts
fix(usage): roll up session lineage history
2026-05-07 22:38:11 -05:00