fix: guard remote media fetches with SSRF checks

2026-05-09 15:04:33 +00:00 · 2026-02-02 04:04:27 -08:00
parent d842b28a15
commit 81c68f582d
11 changed files with 422 additions and 241 deletions
--- a/src/media/fetch.test.ts
+++ b/src/media/fetch.test.ts
@@ -1,4 +1,4 @@
-import { describe, expect, it } from "vitest";
+import { describe, expect, it, vi } from "vitest";
 import { fetchRemoteMedia } from "./fetch.js";

 function makeStream(chunks: Uint8Array[]) {
@@ -14,6 +14,7 @@ function makeStream(chunks: Uint8Array[]) {

 describe("fetchRemoteMedia", () => {
  it("rejects when content-length exceeds maxBytes", async () => {
+    const lookupFn = vi.fn(async () => [{ address: "93.184.216.34", family: 4 }]);
    const fetchImpl = async () =>
      new Response(makeStream([new Uint8Array([1, 2, 3, 4, 5])]), {
        status: 200,
@@ -25,11 +26,13 @@ describe("fetchRemoteMedia", () => {
        url: "https://example.com/file.bin",
        fetchImpl,
        maxBytes: 4,
+        lookupFn,
      }),
    ).rejects.toThrow("exceeds maxBytes");
  });

  it("rejects when streamed payload exceeds maxBytes", async () => {
+    const lookupFn = vi.fn(async () => [{ address: "93.184.216.34", family: 4 }]);
    const fetchImpl = async () =>
      new Response(makeStream([new Uint8Array([1, 2, 3]), new Uint8Array([4, 5, 6])]), {
        status: 200,
@@ -40,7 +43,20 @@ describe("fetchRemoteMedia", () => {
        url: "https://example.com/file.bin",
        fetchImpl,
        maxBytes: 4,
+        lookupFn,
      }),
    ).rejects.toThrow("exceeds maxBytes");
  });
+
+  it("blocks private IP literals before fetching", async () => {
+    const fetchImpl = vi.fn();
+    await expect(
+      fetchRemoteMedia({
+        url: "http://127.0.0.1/secret.jpg",
+        fetchImpl,
+        maxBytes: 1024,
+      }),
+    ).rejects.toThrow(/private|internal|blocked/i);
+    expect(fetchImpl).not.toHaveBeenCalled();
+  });
 });