fix(gateway): guard cron webhook delivery against SSRF

2026-05-08 09:21:23 +00:00 · 2026-02-18 04:47:26 +01:00
parent bc00c7d156
commit 99db4d13e5
3 changed files with 100 additions and 17 deletions
--- a/src/gateway/server-cron.test.ts
+++ b/src/gateway/server-cron.test.ts
@@ -3,10 +3,12 @@ import path from "node:path";
 import { beforeEach, describe, expect, it, vi } from "vitest";
 import type { CliDeps } from "../cli/deps.js";
 import type { OpenClawConfig } from "../config/config.js";
+import { SsrFBlockedError } from "../infra/net/ssrf.js";

 const enqueueSystemEventMock = vi.fn();
 const requestHeartbeatNowMock = vi.fn();
 const loadConfigMock = vi.fn();
+const fetchWithSsrFGuardMock = vi.fn();

 vi.mock("../infra/system-events.js", () => ({
  enqueueSystemEvent: (...args: unknown[]) => enqueueSystemEventMock(...args),
@@ -24,6 +26,10 @@ vi.mock("../config/config.js", async () => {
  };
 });

+vi.mock("../infra/net/fetch-guard.js", () => ({
+  fetchWithSsrFGuard: (...args: unknown[]) => fetchWithSsrFGuardMock(...args),
+}));
+
 import { buildGatewayCronService } from "./server-cron.js";

 describe("buildGatewayCronService", () => {
@@ -31,6 +37,7 @@ describe("buildGatewayCronService", () => {
    enqueueSystemEventMock.mockReset();
    requestHeartbeatNowMock.mockReset();
    loadConfigMock.mockReset();
+    fetchWithSsrFGuardMock.mockReset();
  });

  it("canonicalizes non-agent sessionKey to agent store key for enqueue + wake", async () => {
@@ -78,4 +85,58 @@ describe("buildGatewayCronService", () => {
      state.cron.stop();
    }
  });
+
+  it("blocks private webhook URLs via SSRF-guarded fetch", async () => {
+    const tmpDir = path.join(os.tmpdir(), `server-cron-ssrf-${Date.now()}`);
+    const cfg = {
+      session: {
+        mainKey: "main",
+      },
+      cron: {
+        store: path.join(tmpDir, "cron.json"),
+      },
+    } as OpenClawConfig;
+
+    loadConfigMock.mockReturnValue(cfg);
+    fetchWithSsrFGuardMock.mockRejectedValue(
+      new SsrFBlockedError("Blocked: private/internal IP address"),
+    );
+
+    const state = buildGatewayCronService({
+      cfg,
+      deps: {} as CliDeps,
+      broadcast: () => {},
+    });
+    try {
+      const job = await state.cron.add({
+        name: "ssrf-webhook-blocked",
+        enabled: true,
+        schedule: { kind: "at", at: new Date(1).toISOString() },
+        sessionTarget: "main",
+        wakeMode: "next-heartbeat",
+        payload: { kind: "systemEvent", text: "hello" },
+        delivery: {
+          mode: "webhook",
+          to: "http://127.0.0.1:8080/cron-finished",
+        },
+      });
+
+      await state.cron.run(job.id, "force");
+
+      expect(fetchWithSsrFGuardMock).toHaveBeenCalledOnce();
+      expect(fetchWithSsrFGuardMock).toHaveBeenCalledWith({
+        url: "http://127.0.0.1:8080/cron-finished",
+        init: {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+          },
+          body: expect.stringContaining('"action":"finished"'),
+          signal: expect.any(AbortSignal),
+        },
+      });
+    } finally {
+      state.cron.stop();
+    }
+  });
 });