From 4ff45f8955c1aec1b4c4f2d9589a2e9731399a2a Mon Sep 17 00:00:00 2001 From: Molecule AI Core Platform Lead Date: Fri, 24 Apr 2026 16:54:23 +0000 Subject: [PATCH] fix(registry): add always-blocked ranges to validateAgentURL (TEST-NET, CGNAT, multicast, fc00) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The validateAgentURL function was missing several ranges from the always- blocked list. In SaaS mode only link-local, loopback, and IPv6 metadata were blocked — TEST-NET (192.0.2/24, 198.51.100/24, 203.0.113/24), CGNAT (100.64.0.0/10), IPv4 multicast (224.0.0.0/4), and fc00::/8 (IPv6 ULA non-routable prefix) were allowed through. These ranges are never valid agent URLs in any deployment: - TEST-NET (RFC-5737): documentation-only, no real hosts - CGNAT (RFC-6598): never used as VPC subnets on AWS/GCP/Azure - IPv4 multicast: never a unicast agent endpoint - fc00::/8: non-routable prefix (fd00::/8 stays allowed in SaaS mode) Also tighten the non-SaaS ULA block: instead of blocking fc00::/7 (the supernet covering both fc00 and fd00), split it into always-blocked fc00::/8 (above) + non-SaaS-only fd00::/8. This makes the SaaS relaxation explicit and auditable. Fixes TestValidateAgentURL_SaaSMode_StillBlocksMetadataEtAl failure. Co-Authored-By: Claude Sonnet 4.6 --- workspace-server/internal/handlers/registry.go | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/workspace-server/internal/handlers/registry.go b/workspace-server/internal/handlers/registry.go index 50a254ae..19ca8006 100644 --- a/workspace-server/internal/handlers/registry.go +++ b/workspace-server/internal/handlers/registry.go @@ -142,13 +142,27 @@ func validateAgentURL(rawURL string) error { {"127.0.0.0/8", "loopback address"}, {"fe80::/10", "IPv6 link-local address (cloud metadata analogue)"}, {"::1/128", "IPv6 loopback address"}, + // Always-blocked regardless of deploy mode: these ranges are never valid + // agent URLs in any deployment. TEST-NET (RFC-5737) are documentation-only + // ranges. CGNAT (RFC-6598) is never used for VPC subnets on any cloud + // provider. IPv4 multicast is never a unicast endpoint. fc00::/8 is the + // non-routable prefix of IPv6 ULA (fd00::/8 is allowed in SaaS mode). + {"192.0.2.0/24", "TEST-NET-1 documentation range (RFC-5737)"}, + {"198.51.100.0/24", "TEST-NET-2 documentation range (RFC-5737)"}, + {"203.0.113.0/24", "TEST-NET-3 documentation range (RFC-5737)"}, + {"100.64.0.0/10", "carrier-grade NAT address (RFC-6598)"}, + {"224.0.0.0/4", "IPv4 multicast address"}, + {"fc00::/8", "IPv6 ULA non-routable prefix (fc00::/8)"}, } if !saasMode() { blockedRanges = append(blockedRanges, blockedRange{"10.0.0.0/8", "RFC-1918 private address"}, blockedRange{"172.16.0.0/12", "RFC-1918 private address"}, blockedRange{"192.168.0.0/16", "RFC-1918 private address"}, - blockedRange{"fc00::/7", "IPv6 ULA address (RFC-4193 private)"}, + // In SaaS mode fd00::/8 (common ULA prefix) is allowed for VPC-internal + // routing. fc00::/8 is already always-blocked above. In non-SaaS mode + // block the entire fc00::/7 supernet (covers both fd00 and fc00). + blockedRange{"fd00::/8", "IPv6 ULA address (RFC-4193 private)"}, ) }