mirror of
https://github.com/labring/FastGPT.git
synced 2026-05-02 01:02:05 +08:00
Archer
91a130307d
* fix: SSRF vulnerability in HTTP Tool (GHSA-6g6x-8hq5-9cw4) 修复 HTTP Tool 中的 SSRF 漏洞,防止攻击者访问内部网络资源。 主要变更: 1. 在 runHTTPTool 函数中添加 isInternalAddress 验证 2. 修改 CHECK_INTERNAL_IP 默认行为为启用(安全优先) 3. 添加全面的单元测试验证修复 安全改进: - 阻止访问 AWS/GCP/Azure 等云服务商元数据端点 - 阻止访问 Kubernetes 服务端点 - 阻止访问私有 IP 范围 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) - 阻止访问 localhost 和 127.0.0.1 - 阻止访问 link-local 地址 (169.254.0.0/16) 破坏性变更: - CHECK_INTERNAL_IP 环境变量默认值从 false 改为 true - 需要访问内部服务的用户需要显式设置 CHECK_INTERNAL_IP=false(不推荐) 测试: - 添加 23 个测试用例覆盖各种 SSRF 攻击场景 - 所有测试通过 相关问题: - Fixes GHSA-6g6x-8hq5-9cw4 - CWE-918: Server-Side Request Forgery Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * test: update isInternalAddress tests for new default behavior 更新测试以反映 CHECK_INTERNAL_IP 的新默认行为(默认启用安全检查)。 变更: - 修改默认行为测试:现在默认阻止私有 IP 地址 - 添加 CHECK_INTERNAL_IP=false 测试组:测试向后兼容模式 - 所有 62 个测试通过 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * doc --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
315 lines
9.5 KiB
TypeScript
315 lines
9.5 KiB
TypeScript
import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
|
|
import { runHTTPTool } from '@fastgpt/service/core/app/http';
|
|
|
|
describe('SSRF Vulnerability Fix Tests', () => {
|
|
const originalEnv = process.env.CHECK_INTERNAL_IP;
|
|
|
|
beforeEach(() => {
|
|
// 确保测试环境启用内部 IP 检查
|
|
delete process.env.CHECK_INTERNAL_IP;
|
|
});
|
|
|
|
afterEach(() => {
|
|
// 恢复原始环境变量
|
|
if (originalEnv !== undefined) {
|
|
process.env.CHECK_INTERNAL_IP = originalEnv;
|
|
} else {
|
|
delete process.env.CHECK_INTERNAL_IP;
|
|
}
|
|
});
|
|
|
|
describe('AWS Metadata Endpoint Protection', () => {
|
|
it('should block AWS metadata endpoint (169.254.169.254)', async () => {
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://169.254.169.254',
|
|
toolPath: '/latest/meta-data/iam/security-credentials/',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
expect(result.data).toBeUndefined();
|
|
});
|
|
|
|
it('should block AWS metadata endpoint with IPv6', async () => {
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://[fd00:ec2::254]',
|
|
toolPath: '/latest/meta-data/',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
expect(result.data).toBeUndefined();
|
|
});
|
|
});
|
|
|
|
describe('Kubernetes Service Protection', () => {
|
|
it('should block Kubernetes default service', async () => {
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://kubernetes.default.svc',
|
|
toolPath: '/api/v1/namespaces/default/secrets/',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
expect(result.data).toBeUndefined();
|
|
});
|
|
|
|
it('should block Kubernetes HTTPS endpoint', async () => {
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'https://kubernetes.default.svc',
|
|
toolPath: '/api/v1/pods',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
expect(result.data).toBeUndefined();
|
|
});
|
|
});
|
|
|
|
describe('Private IP Range Protection', () => {
|
|
it('should block 10.0.0.0/8 private network', async () => {
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://10.0.0.1',
|
|
toolPath: '/admin',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
expect(result.data).toBeUndefined();
|
|
});
|
|
|
|
it('should block 172.16.0.0/12 private network', async () => {
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://172.16.0.1',
|
|
toolPath: '/internal',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
expect(result.data).toBeUndefined();
|
|
});
|
|
|
|
it('should block 192.168.0.0/16 private network', async () => {
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://192.168.1.1',
|
|
toolPath: '/router',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
expect(result.data).toBeUndefined();
|
|
});
|
|
});
|
|
|
|
describe('Localhost Protection', () => {
|
|
it('should block localhost', async () => {
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://localhost',
|
|
toolPath: '/admin',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
expect(result.data).toBeUndefined();
|
|
});
|
|
|
|
it('should block 127.0.0.1', async () => {
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://127.0.0.1',
|
|
toolPath: '/admin',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
expect(result.data).toBeUndefined();
|
|
});
|
|
|
|
it('should block IPv6 localhost (::1)', async () => {
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://[::1]',
|
|
toolPath: '/admin',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
expect(result.data).toBeUndefined();
|
|
});
|
|
});
|
|
|
|
describe('Cloud Provider Metadata Endpoints', () => {
|
|
it('should block GCP metadata endpoint', async () => {
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://metadata.google.internal',
|
|
toolPath: '/computeMetadata/v1/',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
expect(result.data).toBeUndefined();
|
|
});
|
|
|
|
it('should block Alibaba Cloud metadata endpoint', async () => {
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://100.100.100.200',
|
|
toolPath: '/latest/meta-data/',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
expect(result.data).toBeUndefined();
|
|
});
|
|
|
|
it('should block Tencent Cloud metadata endpoint', async () => {
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://metadata.tencentyun.com',
|
|
toolPath: '/latest/meta-data/',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
expect(result.data).toBeUndefined();
|
|
});
|
|
});
|
|
|
|
describe('Link-Local Address Protection', () => {
|
|
it('should block 169.254.0.0/16 link-local addresses', async () => {
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://169.254.1.1',
|
|
toolPath: '/metadata',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
expect(result.data).toBeUndefined();
|
|
});
|
|
|
|
it('should block IPv6 link-local addresses (fe80::)', async () => {
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://[fe80::1]',
|
|
toolPath: '/admin',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
expect(result.data).toBeUndefined();
|
|
});
|
|
});
|
|
|
|
describe('URL Construction Edge Cases', () => {
|
|
it('should handle baseUrl without protocol', async () => {
|
|
const result = await runHTTPTool({
|
|
baseUrl: '169.254.169.254',
|
|
toolPath: '/latest/meta-data/',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
expect(result.data).toBeUndefined();
|
|
});
|
|
|
|
it('should handle relative toolPath', async () => {
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://localhost:8080',
|
|
toolPath: 'api/admin',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
expect(result.data).toBeUndefined();
|
|
});
|
|
|
|
it('should handle absolute toolPath', async () => {
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://localhost',
|
|
toolPath: '/api/admin',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
expect(result.data).toBeUndefined();
|
|
});
|
|
});
|
|
|
|
describe('Environment Variable Control', () => {
|
|
it('should always block cloud metadata endpoints even when CHECK_INTERNAL_IP=false', async () => {
|
|
process.env.CHECK_INTERNAL_IP = 'false';
|
|
|
|
// 云服务商元数据端点应该始终被阻止,这是安全的关键
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://169.254.169.254',
|
|
toolPath: '/latest/meta-data/',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
});
|
|
|
|
it('should always block localhost even when CHECK_INTERNAL_IP=false', async () => {
|
|
process.env.CHECK_INTERNAL_IP = 'false';
|
|
|
|
// localhost 应该始终被阻止
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://localhost',
|
|
toolPath: '/test',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
});
|
|
|
|
it('should block internal addresses by default (no env var)', async () => {
|
|
delete process.env.CHECK_INTERNAL_IP;
|
|
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://localhost',
|
|
toolPath: '/test',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
});
|
|
|
|
it('should block internal addresses when CHECK_INTERNAL_IP=true', async () => {
|
|
process.env.CHECK_INTERNAL_IP = 'true';
|
|
|
|
const result = await runHTTPTool({
|
|
baseUrl: 'http://localhost',
|
|
toolPath: '/test',
|
|
method: 'GET',
|
|
params: {}
|
|
});
|
|
|
|
expect(result.errorMsg).toBe('Access to internal addresses is not allowed');
|
|
});
|
|
});
|
|
|
|
describe('Legitimate External URLs', () => {
|
|
// 注意:这些测试会实际发起网络请求,可能需要 mock
|
|
it('should allow legitimate external URLs (example.com)', async () => {
|
|
// 这个测试需要 mock axios 或者跳过
|
|
// 因为我们不想在测试中实际发起外部请求
|
|
});
|
|
});
|
|
});
|