
fix(security): expand SSRF hostname blocklist#26

Open
mduongvandinh wants to merge 1 commit into RightNow-AI:main from mduongvandinh:fix/expand-ssrf-blocklist

Conversation

@mduongvandinh

Summary

  • Expand SSRF hostname blocklist in check_ssrf() to cover additional cloud metadata endpoints
  • Fix IPv6 bracketed hostname extraction (e.g. http://[::1]:8080/)

Changes

  • Add 6 new blocked hostnames: ip6-localhost, 100.100.100.200 (Alibaba Cloud), 192.0.0.192 (Azure IMDS), 0.0.0.0, ::1, [::1]
  • Fix hostname parser to correctly handle IPv6 bracket notation ([::1]:port was extracted as [ instead of [::1])
  • Add 3 new tests: ssrf_blocks_alibaba_metadata, ssrf_blocks_ipv6_localhost, ssrf_blocks_zero_ip

Test plan

  • All 16 SSRF tests pass (cargo test -p openfang-runtime ssrf)
  • Clippy clean (cargo clippy -p openfang-runtime --all-targets -- -D warnings)
  • No regressions in existing tests

Files changed

  • crates/openfang-runtime/src/web_fetch.rs (+33, -2)

Add Alibaba Cloud metadata (100.100.100.200), Azure legacy IMDS
(192.0.0.192), IPv6 loopback (::1, [::1]), ip6-localhost, and
0.0.0.0 to the hostname blocklist in check_ssrf().

Fix IPv6 bracketed hostname extraction for URLs like
http://[::1]:8080/ — the old host.split(':') logic extracted "["
instead of "[::1]".

Prevents SSRF attacks targeting additional cloud metadata endpoints.
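The two problems this PR addresses, a string blocklist that misses some metadata hostnames and a host parser that returns "[" for http://[::1]:8080/, are easy to get wrong in any fetcher, so here is an added, self-contained Rust sketch of the same check. It is illustrative code written for this page, not the openfang-runtime implementation or the PR's diff; the function names (extract_host, check_ssrf, is_internal_ip), the exact blocklist entries and the sample URLs are assumptions. Beyond the name list, it also classifies any IP literal by range (loopback, unspecified, private, link-local, CGNAT, and IPv4-mapped IPv6), which catches addresses a name list does not enumerate; the PR does not claim the project does this. It does no DNS resolution, so a hostname that resolves to an internal address (including DNS rebinding) is out of scope for this example and must be checked at resolution time.

```rust
use std::net::{IpAddr, Ipv4Addr};

/// Hostnames refused by exact (case-folded) match. Illustrative list, modelled on
/// the kind of entries the PR adds; not the project's list.
const BLOCKED_HOSTNAMES: &[&str] = &[
    "localhost",
    "ip6-localhost",
    "metadata.google.internal",
    "169.254.169.254",  // IMDS on AWS, GCP, Azure, OpenStack
    "100.100.100.200",  // Alibaba Cloud metadata
    "192.0.0.192",      // described in the PR as Azure legacy IMDS
    "0.0.0.0",
    "::1",
];

/// Extract the host from a URL, handling IPv6 bracket notation.
/// Returns None when the URL has no authority section or an empty host.
pub fn extract_host(url: &str) -> Option<String> {
    let rest = url.split_once("://")?.1;
    // The authority ends at the first '/', '?' or '#'.
    let authority = rest.split(|c: char| c == '/' || c == '?' || c == '#').next()?;
    // Drop userinfo: everything up to the last '@'.
    let hostport = authority.rsplit_once('@').map_or(authority, |(_, h)| h);
    let host = if let Some(stripped) = hostport.strip_prefix('[') {
        // Bracketed IPv6 literal: take everything up to the closing ']'.
        // A naive hostport.split(':') would yield "[" here, the bug the PR fixes.
        stripped.split_once(']')?.0
    } else {
        // host or host:port; the first ':' starts the port.
        hostport.split(':').next()?
    };
    let host = host.trim_end_matches('.').to_ascii_lowercase();
    if host.is_empty() {
        None
    } else {
        Some(host)
    }
}

fn is_internal_v4(v4: Ipv4Addr) -> bool {
    let o = v4.octets();
    v4.is_loopback()
        || v4.is_unspecified()
        || v4.is_private()
        || v4.is_link_local()                    // 169.254.0.0/16, where most IMDS lives
        || (o[0] == 100 && (o[1] & 0xc0) == 64)  // 100.64.0.0/10 (CGNAT; Alibaba metadata is here)
}

/// True for addresses an outbound fetcher should never be allowed to reach.
fn is_internal_ip(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => is_internal_v4(v4),
        IpAddr::V6(v6) => {
            // ::ffff:a.b.c.d is an IPv4 address in disguise; apply the v4 rules to it.
            if let Some(v4) = v6.to_ipv4_mapped() {
                return is_internal_v4(v4);
            }
            let first = v6.segments()[0];
            v6.is_loopback()
                || v6.is_unspecified()
                || (first & 0xffc0) == 0xfe80  // fe80::/10 link-local
                || (first & 0xfe00) == 0xfc00  // fc00::/7 unique local
        }
    }
}

/// Reject URLs whose host is a blocked name or an IP literal in an internal range.
/// Only literals are classified; DNS names that resolve to internal addresses
/// must be checked after resolution, which this example does not do.
pub fn check_ssrf(url: &str) -> Result<(), String> {
    let host = extract_host(url).ok_or_else(|| format!("no host in {url}"))?;
    if BLOCKED_HOSTNAMES.contains(&host.as_str()) {
        return Err(format!("blocked hostname: {host}"));
    }
    if let Ok(ip) = host.parse::<IpAddr>() {
        if is_internal_ip(ip) {
            return Err(format!("blocked address: {ip}"));
        }
    }
    Ok(())
}

fn main() {
    // Constructed sample URLs for a stand-alone run.
    for url in [
        "http://[::1]:8080/",
        "http://100.100.100.200/latest/meta-data/",
        "http://[::ffff:127.0.0.1]/",
        "https://example.com/",
    ] {
        println!("{url} -> {:?}", check_ssrf(url));
    }
}
```

The bracket handling is the part that matters for the PR: `"[::1]:8080".split(':')` yields `"["`, which matches nothing in any blocklist, so the request would have gone through. Splitting on the closing `]` first, and only then on `:` for unbracketed hosts, is the minimal correct rule. The range classification is there because a name list can never be complete (127.0.0.2, fe80::1 and ::ffff:169.254.169.254 are all equally internal), and because exact-string matching is bypassed by any spelling the list does not contain.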
