refactor(security): unify local-host and tailnet CIDR checks

Peter Steinberger
2026-02-22 17:20:20 +01:00
parent 21cbf59509
commit f14ebd743c
7 changed files with 63 additions and 31 deletions


@@ -1,6 +1,7 @@
import os from "node:os";
import { afterEach, describe, expect, it, vi } from "vitest";
import {
isLocalishHost,
isPrivateOrLoopbackAddress,
isSecureWebSocketUrl,
isTrustedProxyAddress,
@@ -24,6 +25,28 @@ describe("resolveHostName", () => {
});
});
describe("isLocalishHost", () => {
it("accepts loopback and tailscale serve/funnel host headers", () => {
const accepted = [
"localhost",
"127.0.0.1:18789",
"[::1]:18789",
"[::ffff:127.0.0.1]:18789",
"gateway.tailnet.ts.net",
];
for (const host of accepted) {
expect(isLocalishHost(host), host).toBe(true);
}
});
it("rejects non-local hosts", () => {
const rejected = ["example.com", "192.168.1.10", "203.0.113.5:18789"];
for (const host of rejected) {
expect(isLocalishHost(host), host).toBe(false);
}
});
});
describe("isTrustedProxyAddress", () => {
describe("exact IP matching", () => {
it("returns true when IP matches exactly", () => {
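Review bot: The `rejects non-local hosts` case in the new `isLocalishHost` block has no lookalike names, so an implementation that matches by substring or by an unanchored suffix would still pass both tests. The function is exercised on Host-header values, which the client chooses, so the rejection list should pin the boundary, for example by adding constructed values such as `"localhost.example.com"`, `"127.0.0.1.example.com"` and `"gateway.tailnet.ts.net.example.com"` to `rejected`. The implementation is not visible in this section, so whether a mixed-case or trailing-dot form like `"Gateway.Tailnet.TS.net."` should be accepted is for the author to decide, but one test should state it either way. A short comment above the accepted list, such as `// Host header is client-controlled: this is a locality hint, not authentication`, would keep later callers from treating a `true` result as proof of origin.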