fix(security): prevent gatewayUrl SSRF

2026-05-11 02:14:33 +00:00 · 2026-02-14 20:53:30 +01:00
parent e95ce05c1e
commit c5406e1d24
4 changed files with 61 additions and 2 deletions
--- a/src/infra/outbound/message.ts
+++ b/src/infra/outbound/message.ts
@@ -102,8 +102,15 @@ export type MessagePollResult = {
 };

 function resolveGatewayOptions(opts?: MessageGatewayOptions) {
+  // Security: backend callers (tools/agents) must not accept user-controlled gateway URLs.
+  // Use config-derived gateway target only.
+  const url =
+    opts?.mode === GATEWAY_CLIENT_MODES.BACKEND ||
+    opts?.clientName === GATEWAY_CLIENT_NAMES.GATEWAY_CLIENT
+      ? undefined
+      : opts?.url;
  return {
-    url: opts?.url,
+    url,
    token: opts?.token,
    timeoutMs:
      typeof opts?.timeoutMs === "number" && Number.isFinite(opts.timeoutMs)