github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 15:38:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: harden OpenResponses URL input fetching

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-13 01:38:15 +01:00
parent 4199f9889f
commit 99f28031e5
13 changed files with 431 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/media/input-files.ts
View File

@@ -1,3 +1,4 @@
import type { SsrFPolicy } from "../infra/net/ssrf.js";
import { fetchWithSsrFGuard } from "../infra/net/fetch-guard.js";
import { logWarn } from "../logger.js";
@@ -52,6 +53,7 @@ export type InputPdfLimits = {
export type InputFileLimits = {
allowUrl: boolean;
urlAllowlist?: string[];
allowedMimes: Set<string>;
maxBytes: number;
maxChars: number;
@@ -62,6 +64,7 @@ export type InputFileLimits = {
export type InputImageLimits = {
allowUrl: boolean;
urlAllowlist?: string[];
allowedMimes: Set<string>;
maxBytes: number;
maxRedirects: number;
@@ -141,11 +144,15 @@ export async function fetchWithGuard(params: {
maxBytes: number;
timeoutMs: number;
maxRedirects: number;
policy?: SsrFPolicy;
auditContext?: string;
}): Promise<InputFetchResult> {
const { response, release } = await fetchWithSsrFGuard({
url: params.url,
maxRedirects: params.maxRedirects,
timeoutMs: params.timeoutMs,
policy: params.policy,
auditContext: params.auditContext,
init: { headers: { "User-Agent": "OpenClaw-Gateway/1.0" } },
});
@@ -283,6 +290,11 @@ export async function extractImageContentFromSource(
maxBytes: limits.maxBytes,
timeoutMs: limits.timeoutMs,
maxRedirects: limits.maxRedirects,
policy: {
allowPrivateNetwork: false,
hostnameAllowlist: limits.urlAllowlist,
},
auditContext: "openresponses.input_image",
});
if (!limits.allowedMimes.has(result.mimeType)) {
throw new Error(`Unsupported image MIME type from URL: ${result.mimeType}`);
@@ -321,6 +333,11 @@ export async function extractFileContentFromSource(params: {
maxBytes: limits.maxBytes,
timeoutMs: limits.timeoutMs,
maxRedirects: limits.maxRedirects,
policy: {
allowPrivateNetwork: false,
hostnameAllowlist: limits.urlAllowlist,
},
auditContext: "openresponses.input_file",
});
const parsed = parseContentType(result.contentType);
mimeType = parsed.mimeType ?? normalizeMimeType(result.mimeType);