Commit 7ebcc19
committed
fix(posthog): reject unsafe self-hosted host values (SSRF)
The self-hosted host field accepted any string and only stripped
trailing slashes before prepending https://, so a workflow could point
it at loopback/private/link-local addresses (e.g. cloud instance-
metadata endpoints) and the executor would make a real server-side
request to it. Reuse the shared validateExternalUrl SSRF guard, same
pattern already used for Convex's custom deployment URL
(tools/convex/utils.ts); the tool executor separately re-validates with
DNS resolution and pins the resolved IP for the actual request.
Also drop an unused params arg in evaluate_flags' headers function.1 parent fdecd8a commit 7ebcc19
2 files changed
Lines changed: 13 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
80 | 80 | | |
81 | 81 | | |
82 | 82 | | |
83 | | - | |
| 83 | + | |
84 | 84 | | |
85 | 85 | | |
86 | 86 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
1 | 3 | | |
2 | 4 | | |
3 | 5 | | |
| |||
7 | 9 | | |
8 | 10 | | |
9 | 11 | | |
10 | | - | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
11 | 16 | | |
12 | 17 | | |
13 | 18 | | |
| |||
26 | 31 | | |
27 | 32 | | |
28 | 33 | | |
29 | | - | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
30 | 40 | | |
0 commit comments