fix(integrations): защитить HTTP provider от SSRF#719
Merged
Conversation
Adding .gitkeep for PR creation (default mode). This file will be removed when the task is complete. Issue: #696
Collaborator
Author
Working session summaryИсправление готово: PR #719 переведён в Ready for review. Что сделано:
Проверки:
This summary was automatically extracted from the AI working session output. |
Collaborator
Author
🤖 Solution Draft LogThis log file contains the complete execution trace of the AI solution draft process. 💰 Cost estimation:
📊 Context and tokens usage:
Total: (265.2K + 19.4M cached) input tokens, 23.5K output tokens, $23.073165 cost 🤖 Models used:
📎 Log file uploaded as Gist (3530KB)Now working session is ended, feel free to review and add any feedback on the solution draft. |
Collaborator
Author
🎉 Auto-mergedThis pull request has been automatically merged by hive-mind.
Auto-merged by hive-mind with --auto-merge flag |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Что исправлено
healthCheckUrlобщим outbound URL guard.undicidispatcher, что закрывает DNS rebinding между проверкой и соединением.3xxне может перенаправить запрос на непроверенный origin.fetchImpl, чтобы provider и общий guard оставались детерминированно тестируемыми.Как воспроизвести исходную проблему
baseUrlлибо сallowCrossOrigin: true.requestсurl: "http://169.254.169.254/latest/meta-data/".fetch; теперь provider возвращает ошибку о private/loopback/metadata address до сетевого вызова.Проверка
healthCheckUrl, публичного URL через pinned dispatcher и очистки timeout при отказе guard.npm run typecheck.npm run lint.git diff --check.npm test: 3778/3781 прошли; три несвязанных timing-теста не выдержали параллельную нагрузку, каждый затронутый suite отдельно прошёл (17/17 и 2/2).Fixes #696