
feat: HTTP Tool Security Hardening — SSRF Protection, Response Size Limits & Input Validation #285

Merged: Sanjusha-tridz merged 3 commits into develop from feat/http-tool-review on Jun 8, 2026

@esafwan esafwan commented Jun 2, 2026

Summary

This is a clean implementation of the HTTP tool security review and hardening from #222. All changes have been applied to a fresh branch off the current develop.

Changes Implemented

1. SSRF Protection & Network Hardening (huf/ai/http_handler.py)

  • DNS-resolving IP check: Blocks all private/internal network addresses (RFC 1918 ranges, localhost 127.0.0.1, 0.0.0.0, ::1, and cloud metadata IPs 169.254.169.254). Relies on socket-resolved IPs to prevent DNS rebinding attacks.
  • Method Allowlist: Restricts outbound HTTP requests to safe/standard methods: GET, POST, PUT, PATCH, DELETE, HEAD.
  • Response Payload Cap: Enforces a strict 10MB limit on the total response body size. Pre-checks the Content-Length header if available, and measures chunks iteratively during streaming to stop downloads immediately when the limit is breached.

2. Broad Ecosystem SSRF Guarding

  • URL Attachment SSRF Guard (huf/ai/tool_functions.py): Integrates validate_url() check inside _download_content() to stop agents downloading files from private endpoints.
  • URL Knowledge Extractor (huf/ai/knowledge/extractors/url.py): Validates user-supplied knowledge source URLs.
  • Image Generation Attachment Guard (huf/ai/sdk_tools.py): Validates generated or fetched image URLs.

3. Server-Side Validation (huf/huf/doctype/agent_tool_function/agent_tool_function.py)

  • CRLF Header Injection Prevention: Ensures that all user-supplied headers do not contain carriage returns (\r) or line feeds (\n).
  • Reserved Parameter Collision Guard: Rejects parameters named url, params, json_data, headers, data, tool_name, or method to prevent conflicts with HTTP handler kwargs.
  • Base URL Verification: Enforces that the base_url is a valid http or https URL with a proper hostname.

4. Frontend Type Safety & Validation (frontend/src/components/tools/toolCreationForm.utils.ts)

  • Zod Schema Updates: Validates the base URL as a valid http/https format, and properly types HTTP headers array.

Verification & Testing

  • SSRF block verified: requests to http://127.0.0.1:8000 or local URLs are successfully blocked.
  • Public outbound requests work: https://httpbin.org/get successfully completed with a 200 response.
  • Frontend builds cleanly without TypeScript compiler issues.

Closes #222
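
An illustration of the DNS-resolving IP check described in the summary above, added here as an example; it is not the code merged in this pull request. The names `check_url`, `BlockedURL`, `is_internal`, `system_resolver`, `SAMPLE_DNS` and `sample_resolver` are hypothetical, and the DNS records are constructed so the block runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

class BlockedURL(ValueError):
    """Raised when a URL must not be fetched."""

def system_resolver(host, port):
    # Every address (IPv4 and IPv6) the name currently resolves to.
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def is_internal(addr):
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped:  # unwrap ::ffff:10.0.0.1 style
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved)

def check_url(url, resolver=system_resolver):
    """Return the vetted IPs for url, or raise BlockedURL."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError as exc:  # bad bracket syntax, port out of range
        raise BlockedURL("malformed URL") from exc
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise BlockedURL("only http/https URLs with a hostname are allowed")
    try:
        addrs = resolver(parts.hostname, port)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        raise BlockedURL(f"cannot resolve {parts.hostname}") from exc
    if not addrs:
        raise BlockedURL("hostname resolved to no addresses")
    # Reject if ANY record is internal, not just the first one returned.
    for addr in addrs:
        if is_internal(addr):
            raise BlockedURL(f"{parts.hostname} -> internal address {addr}")
    return addrs

# Constructed records standing in for DNS (assumption, not real lookups).
SAMPLE_DNS = {
    "public.example": ["93.184.216.34"],
    "meta.example": ["169.254.169.254"],
    "mixed.example": ["93.184.216.34", "10.0.0.5"],
    "mapped.example": ["::ffff:127.0.0.1"],
}

def sample_resolver(host, port):
    return SAMPLE_DNS.get(host, [])
```

`check_url` returns the addresses it vetted so that a caller can connect to one of them instead of resolving the name a second time.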

@Sanjusha-tridz Sanjusha-tridz marked this pull request as draft June 8, 2026 10:38
@Sanjusha-tridz Sanjusha-tridz marked this pull request as ready for review June 8, 2026 11:20
@Sanjusha-tridz Sanjusha-tridz merged commit 4fb9dee into develop Jun 8, 2026
@Sanjusha-tridz Sanjusha-tridz deleted the feat/http-tool-review branch June 8, 2026 11:21