fix(web-tools): land #31176 allow RFC2544 trusted fetch range (@sunkinux)

Landed from contributor PR #31176 by @sunkinux. Co-authored-by: sunkinux <sunkinux@users.noreply.github.com>
2026-05-10 10:42:43 +00:00 · 2026-03-02 03:43:18 +00:00
parent 2a252a14cc
commit e1bf9591c3
4 changed files with 55 additions and 2 deletions
--- a/src/agents/tools/web-guarded-fetch.test.ts
+++ b/src/agents/tools/web-guarded-fetch.test.ts
@@ -0,0 +1,51 @@
+import { afterEach, describe, expect, it, vi } from "vitest";
+import { fetchWithSsrFGuard } from "../../infra/net/fetch-guard.js";
+import { withStrictWebToolsEndpoint, withTrustedWebToolsEndpoint } from "./web-guarded-fetch.js";
+
+vi.mock("../../infra/net/fetch-guard.js", () => ({
+  fetchWithSsrFGuard: vi.fn(),
+}));
+
+describe("web-guarded-fetch", () => {
+  afterEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it("uses trusted SSRF policy for trusted web tools endpoints", async () => {
+    vi.mocked(fetchWithSsrFGuard).mockResolvedValue({
+      response: new Response("ok", { status: 200 }),
+      finalUrl: "https://example.com",
+      release: async () => {},
+    });
+
+    await withTrustedWebToolsEndpoint({ url: "https://example.com" }, async () => undefined);
+
+    expect(fetchWithSsrFGuard).toHaveBeenCalledWith(
+      expect.objectContaining({
+        url: "https://example.com",
+        policy: expect.objectContaining({
+          dangerouslyAllowPrivateNetwork: true,
+          allowRfc2544BenchmarkRange: true,
+        }),
+      }),
+    );
+  });
+
+  it("keeps strict endpoint policy unchanged", async () => {
+    vi.mocked(fetchWithSsrFGuard).mockResolvedValue({
+      response: new Response("ok", { status: 200 }),
+      finalUrl: "https://example.com",
+      release: async () => {},
+    });
+
+    await withStrictWebToolsEndpoint({ url: "https://example.com" }, async () => undefined);
+
+    expect(fetchWithSsrFGuard).toHaveBeenCalledWith(
+      expect.objectContaining({
+        url: "https://example.com",
+      }),
+    );
+    const call = vi.mocked(fetchWithSsrFGuard).mock.calls[0]?.[0];
+    expect(call?.policy).toBeUndefined();
+  });
+});
--- a/src/agents/tools/web-guarded-fetch.ts
+++ b/src/agents/tools/web-guarded-fetch.ts
@@ -7,6 +7,7 @@ import type { SsrFPolicy } from "../../infra/net/ssrf.js";

 const WEB_TOOLS_TRUSTED_NETWORK_SSRF_POLICY: SsrFPolicy = {
  dangerouslyAllowPrivateNetwork: true,
+  allowRfc2544BenchmarkRange: true,
 };

 type WebToolGuardedFetchOptions = Omit<GuardedFetchOptions, "proxy"> & {