mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-02-13 13:04:24 +01:00
924be3b647
* refactor: better SSRF Protection in Action and Tool Services - Added `createSSRFSafeAgents` function to create HTTP/HTTPS agents that block connections to private/reserved IP addresses, enhancing security against SSRF attacks. - Updated `createActionTool` to accept a `useSSRFProtection` parameter, allowing the use of SSRF-safe agents during tool execution. - Modified `processRequiredActions` and `loadAgentTools` to utilize the new SSRF protection feature based on allowed domains configuration. - Introduced `resolveHostnameSSRF` function to validate resolved IPs against private ranges, preventing potential SSRF vulnerabilities. - Enhanced tests for domain resolution and private IP detection to ensure robust SSRF protection mechanisms are in place. * feat: Implement SSRF protection in MCP connections - Added `createSSRFSafeUndiciConnect` function to provide SSRF-safe DNS lookup options for undici agents. - Updated `MCPConnection`, `MCPConnectionFactory`, and `ConnectionsRepository` to include `useSSRFProtection` parameter, enabling SSRF protection based on server configuration. - Enhanced `MCPManager` and `UserConnectionManager` to utilize SSRF protection when establishing connections. - Updated tests to validate the integration of SSRF protection across various components, ensuring robust security measures are in place. * refactor: WS MCPConnection with SSRF protection and async transport construction - Added `resolveHostnameSSRF` to validate WebSocket hostnames against private IP addresses, enhancing SSRF protection. - Updated `constructTransport` method to be asynchronous, ensuring proper handling of SSRF checks before establishing connections. - Improved error handling for WebSocket transport to prevent connections to potentially unsafe addresses. * test: Enhance ActionRequest tests for SSRF-safe agent passthrough - Added tests to verify that httpAgent and httpsAgent are correctly passed to axios.create when provided in ActionRequest. - Included scenarios to ensure agents are not included when no options are specified. - Enhanced coverage for POST requests to confirm agent passthrough functionality. - Improved overall test robustness for SSRF protection in ActionRequest execution.
113 lines
3.2 KiB
TypeScript
113 lines
3.2 KiB
TypeScript
jest.mock('node:dns', () => {
|
|
const actual = jest.requireActual('node:dns');
|
|
return {
|
|
...actual,
|
|
lookup: jest.fn(),
|
|
};
|
|
});
|
|
|
|
import dns from 'node:dns';
|
|
import { createSSRFSafeAgents, createSSRFSafeUndiciConnect } from './agent';
|
|
|
|
type LookupCallback = (err: NodeJS.ErrnoException | null, address: string, family: number) => void;
|
|
|
|
const mockedDnsLookup = dns.lookup as jest.MockedFunction<typeof dns.lookup>;
|
|
|
|
function mockDnsResult(address: string, family: number): void {
|
|
mockedDnsLookup.mockImplementation(((
|
|
_hostname: string,
|
|
_options: unknown,
|
|
callback: LookupCallback,
|
|
) => {
|
|
callback(null, address, family);
|
|
}) as never);
|
|
}
|
|
|
|
function mockDnsError(err: NodeJS.ErrnoException): void {
|
|
mockedDnsLookup.mockImplementation(((
|
|
_hostname: string,
|
|
_options: unknown,
|
|
callback: LookupCallback,
|
|
) => {
|
|
callback(err, '', 0);
|
|
}) as never);
|
|
}
|
|
|
|
describe('createSSRFSafeAgents', () => {
|
|
afterEach(() => {
|
|
jest.clearAllMocks();
|
|
});
|
|
|
|
it('should return httpAgent and httpsAgent', () => {
|
|
const agents = createSSRFSafeAgents();
|
|
expect(agents.httpAgent).toBeDefined();
|
|
expect(agents.httpsAgent).toBeDefined();
|
|
});
|
|
|
|
it('should patch httpAgent createConnection to inject SSRF lookup', () => {
|
|
const agents = createSSRFSafeAgents();
|
|
const internal = agents.httpAgent as unknown as {
|
|
createConnection: (opts: Record<string, unknown>) => unknown;
|
|
};
|
|
expect(internal.createConnection).toBeInstanceOf(Function);
|
|
});
|
|
});
|
|
|
|
describe('createSSRFSafeUndiciConnect', () => {
|
|
afterEach(() => {
|
|
jest.clearAllMocks();
|
|
});
|
|
|
|
it('should return an object with a lookup function', () => {
|
|
const connect = createSSRFSafeUndiciConnect();
|
|
expect(connect).toHaveProperty('lookup');
|
|
expect(connect.lookup).toBeInstanceOf(Function);
|
|
});
|
|
|
|
it('lookup should block private IPs', async () => {
|
|
mockDnsResult('10.0.0.1', 4);
|
|
const connect = createSSRFSafeUndiciConnect();
|
|
|
|
const result = await new Promise<{ err: NodeJS.ErrnoException | null }>((resolve) => {
|
|
connect.lookup('evil.example.com', {}, (err) => {
|
|
resolve({ err });
|
|
});
|
|
});
|
|
|
|
expect(result.err).toBeTruthy();
|
|
expect(result.err!.code).toBe('ESSRF');
|
|
});
|
|
|
|
it('lookup should allow public IPs', async () => {
|
|
mockDnsResult('93.184.216.34', 4);
|
|
const connect = createSSRFSafeUndiciConnect();
|
|
|
|
const result = await new Promise<{ err: NodeJS.ErrnoException | null; address: string }>(
|
|
(resolve) => {
|
|
connect.lookup('example.com', {}, (err, address) => {
|
|
resolve({ err, address: address as string });
|
|
});
|
|
},
|
|
);
|
|
|
|
expect(result.err).toBeNull();
|
|
expect(result.address).toBe('93.184.216.34');
|
|
});
|
|
|
|
it('lookup should forward DNS errors', async () => {
|
|
const dnsError = Object.assign(new Error('ENOTFOUND'), {
|
|
code: 'ENOTFOUND',
|
|
}) as NodeJS.ErrnoException;
|
|
mockDnsError(dnsError);
|
|
const connect = createSSRFSafeUndiciConnect();
|
|
|
|
const result = await new Promise<{ err: NodeJS.ErrnoException | null }>((resolve) => {
|
|
connect.lookup('nonexistent.example.com', {}, (err) => {
|
|
resolve({ err });
|
|
});
|
|
});
|
|
|
|
expect(result.err).toBeTruthy();
|
|
expect(result.err!.code).toBe('ENOTFOUND');
|
|
});
|
|
});
|