harald/zeroclaw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3
zeroclaw/src
History
Alex Gorevski bbe5530c1a
fix(security): disable automatic redirects in http_request tool (#624) 
Closes #607

The http_request tool validated the initial URL against the domain
allowlist and private-host rules, but reqwest's default redirect policy
followed redirects automatically without revalidating each hop. This
allowed SSRF via redirect chains from allowed domains to internal hosts.

Set redirect policy to Policy::none() so 3xx responses are returned
as-is. Callers that need to follow redirects must issue a new request,
which goes through validate_url again.

Severity: High — SSRF/allowlist bypass via redirect chains.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-02-17 15:15:48 -05:00
..
agent chore(pr539): scope to dingtalk daemon fixes only 2026-02-18 00:42:40 +08:00
approval refactor(sync): migrate remaining std mutex usage to parking_lot 2026-02-18 00:45:26 +08:00
channels style(channels): apply rustfmt drift after main rebase 2026-02-18 00:45:26 +08:00
config fix(gateway): persist pairing tokens and honor docker config (#630) 2026-02-17 15:05:56 -05:00
cost refactor(sync): migrate remaining std mutex usage to parking_lot 2026-02-18 00:45:26 +08:00
cron feat(channels): add Mattermost integration for sovereign communication 2026-02-18 00:19:20 +08:00
daemon fix(dingtalk,daemon): process stream callbacks and supervise DingTalk channel 2026-02-18 00:42:40 +08:00
doctor feat(doctor): harden provider and workspace diagnostics 2026-02-17 17:20:56 +08:00
gateway fix(gateway): persist pairing tokens and honor docker config (#630) 2026-02-17 15:05:56 -05:00
hardware fix(agent): parse tool-call alias tags in channel runtime 2026-02-18 00:28:08 +08:00
health refactor(sync): migrate remaining std mutex usage to parking_lot 2026-02-18 00:45:26 +08:00
heartbeat test: deepen and complete project-wide test coverage (#297) 2026-02-16 05:58:24 -05:00
integrations refactor(provider): unify China alias families across modules 2026-02-18 01:01:57 +08:00
memory refactor(sync): migrate remaining std mutex usage to parking_lot 2026-02-18 00:45:26 +08:00
observability fix(build): complete strict lint and test cleanup (replacement for #476) 2026-02-18 00:18:54 +08:00
onboard refactor(provider): unify China alias families across modules 2026-02-18 01:01:57 +08:00
peripherals fix(agent): parse tool-call alias tags in channel runtime 2026-02-18 00:28:08 +08:00
providers fix(providers): clarify reliable failure entries for custom providers (#594) 2026-02-17 13:53:03 -05:00
rag chore(lint): extend low-risk clippy cleanup batch 2026-02-17 16:40:58 +08:00
runtime fix: replace std::sync::Mutex with parking_lot::Mutex (#350) 2026-02-16 15:02:46 -05:00
security feat(approval): interactive approval workflow for supervised mode (#215) 2026-02-17 23:06:12 +08:00
service fix(gateway): persist pairing tokens and honor docker config (#630) 2026-02-17 15:05:56 -05:00
skillforge fix(providers): use Bearer auth for Gemini CLI OAuth tokens 2026-02-15 14:32:33 -05:00
skills Merge remote-tracking branch 'origin/main' into feat/glm-provider 2026-02-17 13:27:58 -05:00
tools fix(security): disable automatic redirects in http_request tool (#624) 2026-02-17 15:15:48 -05:00
tunnel test: deepen and complete project-wide test coverage (#297) 2026-02-16 05:58:24 -05:00
identity.rs fix(providers): use Bearer auth for Gemini CLI OAuth tokens 2026-02-15 14:32:33 -05:00
lib.rs feat(approval): interactive approval workflow for supervised mode (#215) 2026-02-17 23:06:12 +08:00
main.rs chore(ci): align formatting and clippy output for gates 2026-02-18 00:50:51 +08:00
migration.rs feat(memory): add session_id isolation to Memory trait (#530) 2026-02-17 07:44:05 -05:00
util.rs fix(channels): check response status in send() for Telegram, Slack, and Discord 2026-02-15 09:48:58 -05:00