openclaw/src/link-understanding
AI-Reviewer-QS 649826e435
fix(security): block private/loopback/metadata IPs in link-understanding URL detection (#15604)
* fix(security): block private/loopback/metadata IPs in link-understanding URL detection

isAllowedUrl() only blocked 127.0.0.1, leaving localhost, ::1, 0.0.0.0,
private RFC1918 ranges, link-local (169.254.x.x including cloud metadata),
and CGNAT (100.64.0.0/10) accessible for SSRF via link-understanding.

Add comprehensive hostname/IP blocking consistent with the SSRF guard
already used by media/fetch.ts.

* fix(security): harden link-understanding SSRF host checks

* fix: note link-understanding SSRF hardening in changelog (#15604) (thanks @AI-Reviewer-QS)

---------

Co-authored-by: Yi LIU <yi@quantstamp.com>
Co-authored-by: Peter Steinberger <steipete@gmail.com>
2026-02-13 18:38:40 +01:00
apply.ts chore: Enable "experimentalSortImports" in Oxfmt and reformat all imports. 2026-02-01 10:03:47 +09:00
defaults.ts Add link understanding tool support (#1637) 2026-01-25 00:15:54 +00:00
detect.test.ts fix(security): block private/loopback/metadata IPs in link-understanding URL detection (#15604) 2026-02-13 18:38:40 +01:00
detect.ts fix(security): block private/loopback/metadata IPs in link-understanding URL detection (#15604) 2026-02-13 18:38:40 +01:00
format.ts chore: Enable "curly" rule to avoid single-statement if confusion/errors. 2026-01-31 16:19:20 +09:00
index.ts Add link understanding tool support (#1637) 2026-01-25 00:15:54 +00:00
runner.ts chore: Enable "experimentalSortImports" in Oxfmt and reformat all imports. 2026-02-01 10:03:47 +09:00