nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
openclaw/src/infra/net
History
smartprogrammer93 6d2e3685d6 feat(tools): add URL allowlist for web_search and web_fetch 
Add optional urlAllowlist config at tools.web level that restricts which
URLs can be accessed by web tools:

- Config types (types.tools.ts): Add urlAllowlist?: string[] to tools.web
- Zod schema: Add urlAllowlist field to ToolsWebSchema
- Schema help: Add help text for the new config fields
- web_search: Filter Brave search results by allowlist (provider=brave)
- web_fetch: Block URLs not matching allowlist before fetching
- ssrf.ts: Export normalizeHostnameAllowlist and matchesHostnameAllowlist

URL matching supports:
- Exact domain match (example.com)
- Wildcard patterns (*.github.com)

When urlAllowlist is not configured, all URLs are allowed (backwards compatible).

Tests: Add web-tools.url-allowlist.test.ts with 23 tests covering:
- URL allowlist resolution from config
- Wildcard pattern matching
- web_fetch error response format
- Brave search result filtering
 		2026-02-16 23:50:18 +01:00
..
fetch-guard.ssrf.test.ts fix: harden OpenResponses URL input fetching 2026-02-13 01:38:49 +01:00
fetch-guard.ts fix: use relayAbort helper for addEventListener to preserve AbortError reason 2026-02-13 18:13:18 +01:00
hostname.ts refactor(net): share hostname normalization 2026-02-16 01:01:22 +00:00
ssrf.pinning.test.ts fix: harden OpenResponses URL input fetching 2026-02-13 01:38:49 +01:00
ssrf.test.ts perf(test): fold tls fingerprint normalization into ssrf suite 2026-02-16 02:44:59 +00:00
ssrf.ts feat(tools): add URL allowlist for web_search and web_fetch 2026-02-16 23:50:18 +01:00