Skip to content

feat(webhooks): reject SSRF-prone private hosts#247

Open
changliuchang777 wants to merge 1 commit into
StableRoute-Org:mainfrom
changliuchang777:security/webhooks-09-ssrf-url-validation
Open

feat(webhooks): reject SSRF-prone private hosts#247
changliuchang777 wants to merge 1 commit into
StableRoute-Org:mainfrom
changliuchang777:security/webhooks-09-ssrf-url-validation

Conversation

@changliuchang777

Copy link
Copy Markdown

Summary

  • add webhook URL validation with new URL() before storing destinations
  • reject localhost, loopback, private IPv4 ranges, link-local metadata IPs, IPv6 loopback/link-local/ULA hosts, and IPv4-mapped private addresses
  • reject non-default privileged ports below 1024 unless allowlisted through WEBHOOK_ALLOWED_LOW_PORTS
  • keep the existing scheme/length checks and canonical 400 invalid_request response shape
  • document the webhook SSRF policy and add focused webhook registration tests

Fixes #9

Validation

  • git diff --check passed except Git for Windows LF/CRLF warnings
  • npm test -- --runInBand src/__tests__/webhooks.test.ts blocked by existing baseline parse error in src/index.ts: duplicate WEBHOOK_MAX_EVENTS
  • npm run build blocked by existing baseline TypeScript errors in src/index.ts and src/__tests__/store.adapter.test.ts
  • npm run lint blocked by existing baseline lint errors unrelated to this change

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Validate webhook URLs against SSRF-prone private network ranges

1 participant