Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2026-02-13 13:04:24 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
LibreChat/packages/api/src/auth/agent.spec.ts

114 lines
3.2 KiB
TypeScript
Raw Normal View History

🛡️ fix: Implement TOCTOU-Safe SSRF Protection for Actions and MCP (#11722) * refactor: better SSRF Protection in Action and Tool Services - Added `createSSRFSafeAgents` function to create HTTP/HTTPS agents that block connections to private/reserved IP addresses, enhancing security against SSRF attacks. - Updated `createActionTool` to accept a `useSSRFProtection` parameter, allowing the use of SSRF-safe agents during tool execution. - Modified `processRequiredActions` and `loadAgentTools` to utilize the new SSRF protection feature based on allowed domains configuration. - Introduced `resolveHostnameSSRF` function to validate resolved IPs against private ranges, preventing potential SSRF vulnerabilities. - Enhanced tests for domain resolution and private IP detection to ensure robust SSRF protection mechanisms are in place. * feat: Implement SSRF protection in MCP connections - Added `createSSRFSafeUndiciConnect` function to provide SSRF-safe DNS lookup options for undici agents. - Updated `MCPConnection`, `MCPConnectionFactory`, and `ConnectionsRepository` to include `useSSRFProtection` parameter, enabling SSRF protection based on server configuration. - Enhanced `MCPManager` and `UserConnectionManager` to utilize SSRF protection when establishing connections. - Updated tests to validate the integration of SSRF protection across various components, ensuring robust security measures are in place. * refactor: WS MCPConnection with SSRF protection and async transport construction - Added `resolveHostnameSSRF` to validate WebSocket hostnames against private IP addresses, enhancing SSRF protection. - Updated `constructTransport` method to be asynchronous, ensuring proper handling of SSRF checks before establishing connections. - Improved error handling for WebSocket transport to prevent connections to potentially unsafe addresses. * test: Enhance ActionRequest tests for SSRF-safe agent passthrough - Added tests to verify that httpAgent and httpsAgent are correctly passed to axios.create when provided in ActionRequest. - Included scenarios to ensure agents are not included when no options are specified. - Enhanced coverage for POST requests to confirm agent passthrough functionality. - Improved overall test robustness for SSRF protection in ActionRequest execution.
2026-02-11 22:09:58 -05:00
jest.mock('node:dns', () => {
const actual = jest.requireActual('node:dns');
return {
...actual,
lookup: jest.fn(),
};
});
import dns from 'node:dns';
import { createSSRFSafeAgents, createSSRFSafeUndiciConnect } from './agent';
type LookupCallback = (err: NodeJS.ErrnoException | null, address: string, family: number) => void;
const mockedDnsLookup = dns.lookup as jest.MockedFunction<typeof dns.lookup>;
function mockDnsResult(address: string, family: number): void {
mockedDnsLookup.mockImplementation(((
_hostname: string,
_options: unknown,
callback: LookupCallback,
) => {
callback(null, address, family);
}) as never);
}
function mockDnsError(err: NodeJS.ErrnoException): void {
mockedDnsLookup.mockImplementation(((
_hostname: string,
_options: unknown,
callback: LookupCallback,
) => {
callback(err, '', 0);
}) as never);
}
describe('createSSRFSafeAgents', () => {
afterEach(() => {
jest.clearAllMocks();
});
it('should return httpAgent and httpsAgent', () => {
const agents = createSSRFSafeAgents();
expect(agents.httpAgent).toBeDefined();
expect(agents.httpsAgent).toBeDefined();
});
it('should patch httpAgent createConnection to inject SSRF lookup', () => {
const agents = createSSRFSafeAgents();
const internal = agents.httpAgent as unknown as {
createConnection: (opts: Record<string, unknown>) => unknown;
};
expect(internal.createConnection).toBeInstanceOf(Function);
});
});
describe('createSSRFSafeUndiciConnect', () => {
afterEach(() => {
jest.clearAllMocks();
});
it('should return an object with a lookup function', () => {
const connect = createSSRFSafeUndiciConnect();
expect(connect).toHaveProperty('lookup');
expect(connect.lookup).toBeInstanceOf(Function);
});
it('lookup should block private IPs', async () => {
mockDnsResult('10.0.0.1', 4);
const connect = createSSRFSafeUndiciConnect();
const result = await new Promise<{ err: NodeJS.ErrnoException | null }>((resolve) => {
connect.lookup('evil.example.com', {}, (err) => {
resolve({ err });
});
});
expect(result.err).toBeTruthy();
expect(result.err!.code).toBe('ESSRF');
});
it('lookup should allow public IPs', async () => {
mockDnsResult('93.184.216.34', 4);
const connect = createSSRFSafeUndiciConnect();
const result = await new Promise<{ err: NodeJS.ErrnoException | null; address: string }>(
(resolve) => {
connect.lookup('example.com', {}, (err, address) => {
resolve({ err, address: address as string });
});
},
);
expect(result.err).toBeNull();
expect(result.address).toBe('93.184.216.34');
});
it('lookup should forward DNS errors', async () => {
const dnsError = Object.assign(new Error('ENOTFOUND'), {
code: 'ENOTFOUND',
}) as NodeJS.ErrnoException;
mockDnsError(dnsError);
const connect = createSSRFSafeUndiciConnect();
const result = await new Promise<{ err: NodeJS.ErrnoException | null }>((resolve) => {
connect.lookup('nonexistent.example.com', {}, (err) => {
resolve({ err });
});
});
expect(result.err).toBeTruthy();
expect(result.err!.code).toBe('ENOTFOUND');
});
});
Reference in a new issue Copy permalink