Sultan
/
Flowise
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Bugfix/Validate URL for postCore (#4172) 

validare url for postCore
This commit is contained in:
Henry Heng 2025-03-13 20:00:32 +00:00 committed by GitHub
parent 2b9a1ae316
commit c5455137f9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
packages/components/nodes/chains/ApiChain/postCore.ts
View File

@ -92,6 +92,21 @@ export class APIChain extends BaseChain implements APIChainInput {
const { url, data } = JSON.parse(api_url_body)
// Validate request is not to internal/private networks
const urlObj = new URL(url)
const hostname = urlObj.hostname
if (
hostname === 'localhost' ||
hostname === '127.0.0.1' ||
hostname.startsWith('192.168.') ||
hostname.startsWith('10.') ||
hostname.startsWith('172.16.') ||
hostname.includes('internal')
) {
throw new Error('Access to internal networks is not allowed')
}
const res = await fetch(url, {
method: 'POST',
headers: this.headers,