fix: block ISATAP SSRF bypass via shared host/ip guard

2026-05-08 16:18:26 +00:00 · 2026-02-19 09:59:34 +01:00
parent 4cd5fad14b
commit d51929ecb5
9 changed files with 72 additions and 96 deletions
--- a/src/link-understanding/detect.ts
+++ b/src/link-understanding/detect.ts
@@ -1,4 +1,4 @@
-import { isBlockedHostname, isPrivateIpAddress } from "../infra/net/ssrf.js";
+import { isBlockedHostnameOrIp } from "../infra/net/ssrf.js";
 import { DEFAULT_MAX_LINKS } from "./defaults.js";

 // Remove markdown link syntax so only bare URLs are considered.
@@ -22,7 +22,7 @@ function isAllowedUrl(raw: string): boolean {
    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
      return false;
    }
-    if (isBlockedHost(parsed.hostname)) {
+    if (isBlockedHostnameOrIp(parsed.hostname)) {
      return false;
    }
    return true;
@@ -31,16 +31,6 @@ function isAllowedUrl(raw: string): boolean {
  }
 }

-/** Block loopback, private, link-local, and metadata addresses. */
-function isBlockedHost(hostname: string): boolean {
-  const normalized = hostname.trim().toLowerCase();
-  return (
-    normalized === "localhost.localdomain" ||
-    isBlockedHostname(normalized) ||
-    isPrivateIpAddress(normalized)
-  );
-}
-
 export function extractLinksFromMessage(message: string, opts?: { maxLinks?: number }): string[] {
  const source = message?.trim();
  if (!source) {