ssrf-guard 3.0.1 → 3.1.0 + new ssrf-guard-langchain4j-demo#52
Merged
Conversation
- Bump all 5 existing ssrf-guard demos (demo / springai / feign / jdkhttp / okhttp) to ssrf-guard:3.1.0 — both build.gradle.kts and README versions. - Add ssrf-guard-langchain4j-demo: sibling of springai-demo, same SSRF story for the other major Java LLM framework. Wraps every ToolExecutor bean via ssrf-guard-langchain4j; FakeLlmService stands in for an LLM so the demo runs offline; same 12-attack catalog at /agent/attacks. Smoke tests cover the legitimate path, the AWS-metadata block, and the disallowed-host block. - Update top-level READMEs (en/ko): bump versions and add the new demo row. Verified all 6 demos with `./gradlew build --refresh-dependencies` against the live Maven Central 3.1.0 artifacts.
Linux CI runners need the +x bit on gradlew. Windows clones lose it by default; the file was committed as 100644 instead of 100755, which broke the langchain4j-demo job with 'Permission denied'.
3 tasks
jlc488
added a commit
that referenced
this pull request
May 23, 2026
…DMEs (#55) Five spots where the README prose lagged behind the actual build.gradle.kts pin. The build files were correct; the README narrative just got copy-pasted from the SB3 source demo (or, for ssrf-guard, only half-bumped during the 3.0.1 -> 3.1.0 sweep) and never re-grepped. SB4 demos (4 files) — "Files of interest" table said the dep is :easy-paging-spring-boot-starter:0.4.0 but build.gradle.kts pins :0.5.0: easy-paging-sb4-demo/README.md line 76: 0.4.0 -> 0.5.0 easy-paging-sb4-demo/README.ko.md line 76: 0.4.0 -> 0.5.0 easy-paging-sb4-keyset-demo/README.md line 92: 0.4.0 -> 0.5.0 easy-paging-sb4-keyset-demo/README.ko.md line 92: 0.4.0 -> 0.5.0 Root cause: when the four SB4 demos were branched off the SB3 demos in PR #39, build.gradle.kts and the README header callout ("Spring Boot 4 line. ... 0.5.x line") were correctly retargeted to 0.5.0, but the detail table at the bottom of the README ("the only dependency the demo adds...") was left at 0.4.0. The English ones for postgres/reactive don't repeat the version in prose so they were unaffected. ssrf-guard demo (1 file) — only the Korean README, "Files of interest" row listed three sub-artifacts but mixed two versions: ssrf-guard-demo/README.ko.md line 127: :ssrf-guard:3.1.0, :ssrf-guard-resttemplate:3.0.1, :ssrf-guard-webclient:3.0.1 -> :ssrf-guard:3.1.0, :ssrf-guard-resttemplate:3.1.0, :ssrf-guard-webclient:3.1.0 Root cause: PR #52 ("ssrf-guard 3.0.1 -> 3.1.0 + langchain4j demo") bumped the README header and the meta-artifact mention but only the first of the three sub-artifact lines on line 127 of the KO file; the English README on line 128 got all three. KO half-update slipped through review. All SB3 demo READMEs that still reference :0.4.0 are intentional - the SB3 demos pin to the 0.4.x maintenance line on purpose. Verified by grep that no other build.gradle.kts vs README mismatches remain.
jlc488
added a commit
that referenced
this pull request
May 23, 2026
Same Windows-clone gotcha that bit ssrf-guard-langchain4j-demo earlier (devslab-examples/#52 → fixup commit 0971c1b). The gradlew scripts in ssrf-guard-httpclient5-demo and ssrf-guard-native-image-demo were committed as 100644 (no execute bit), so Linux CI failed with: /home/runner/.../gradlew: Permission denied Process completed with exit code 126. Re-stage with chmod=+x → 100755. No content change.
jlc488
added a commit
that referenced
this pull request
May 23, 2026
…e-demo) (#61) * Complete the ssrf-guard demo matrix: httpclient5-demo + native-image-demo Two new demos closing out the ssrf-guard module coverage: ssrf-guard-httpclient5-demo --------------------------- The only ssrf-guard module without a runnable demo before this. Apache HttpClient 5 plugs the SSRF policy in at DNS-resolution time rather than URL-parse time — a different shape from the other client demos. - SafeDnsResolver (DnsResolver SPI): rejects hosts outside the whitelist, filters private/loopback/link-local/cloud-metadata IPs out of the resolved set. The InetAddress[] it returns is what HttpClient hands to Socket.connect(), closing the TOCTOU window. - SafeRedirectStrategy (RedirectStrategy SPI): same DNS gate runs on every redirect hop. - The module ships its own Spring autoconfig (SsrfGuardHttpClient5AutoConfiguration), so the demo's main() needs zero wiring code. Outside Spring, five lines on HttpClients.custom(). The README acknowledges the trade-off honestly: this approach doesn't do URL-parse-time gates (scheme restriction, userinfo rejection) but does close all the practical attack vectors at the resolver, and the TOCTOU-closing property is the main selling point. ssrf-guard-native-image-demo ---------------------------- End-to-end proof that ssrf-guard 3.1.0's RuntimeHintsRegistrar entries let a Spring Boot app `./gradlew nativeCompile` without writing any reflect-config.json for our types. - Pulls kr.devslab:ssrf-guard:3.1.0 (the meta artifact — -restclient + -httpclient5 + -core, hints come along). - Applies org.graalvm.buildtools.native plugin. - Exposes /fetch + /attacks (a 12-pattern catalog). - Surfaces "runtime": "jvm" vs "graalvm-native" so visual inspection confirms which build you're hitting. CI builds JVM mode only (native-image is too slow / memory-heavy for every PR). README documents the local verification flow: - ./gradlew processAot (fast ~10s) to verify hints register - ./gradlew nativeCompile (3-8 min) to produce a working binary Top-level README + README.ko.md updated with rows for both new demos. Verified: ./gradlew build passes for both demos in JVM mode against the live Maven Central kr.devslab:ssrf-guard*:3.1.0 artifacts (httpclient5 build 33s, native-image build 1m21s). * fix(demos): mark gradlew executable in git index for two new demos Same Windows-clone gotcha that bit ssrf-guard-langchain4j-demo earlier (devslab-examples/#52 → fixup commit 0971c1b). The gradlew scripts in ssrf-guard-httpclient5-demo and ssrf-guard-native-image-demo were committed as 100644 (no execute bit), so Linux CI failed with: /home/runner/.../gradlew: Permission denied Process completed with exit code 126. Re-stage with chmod=+x → 100755. No content change.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
demo/springai/feign/jdkhttp/okhttp) from 3.0.1 → 3.1.0 in bothbuild.gradle.ktsand READMEs.ssrf-guard-langchain4j-demo— sibling ofssrf-guard-springai-demo, same SSRF story for LangChain4j (the other major Java LLM framework). Wraps everyToolExecutorbean viassrf-guard-langchain4j;FakeLlmServicestands in for an LLM so the demo runs offline; same 12-attack catalog at/agent/attacks.README.md/README.ko.md— version bumps + new row.Test plan
./gradlew build --refresh-dependenciesagainst live Maven Central 3.1.0 for all 6 ssrf-guard demos:ssrf-guard-demo— BUILD SUCCESSFUL (3m 26s)ssrf-guard-springai-demo— BUILD SUCCESSFUL (3m 21s)ssrf-guard-langchain4j-demo— BUILD SUCCESSFUL (1m 7s) — includes smoke tests for legitimate / blocked-IP-literal / blocked-host pathsssrf-guard-feign-demo— BUILD SUCCESSFUL (4m 16s)ssrf-guard-jdkhttp-demo— BUILD SUCCESSFUL (3m 26s)ssrf-guard-okhttp-demo— BUILD SUCCESSFUL (3m 58s)Related