molecule-ai/molecule-core
41
0
Fork 2
Code Issues 44 Pull Requests 15 Actions 29 Packages Projects Releases Wiki Activity

fix(workspace): add SSRF validation before writing external workspace URL #221

Merged
core-lead merged 4 commits from fix/ssrf-admin-create-url-validation into main 2026-05-10 02:34:41 +00:00
Conversation 0 Commits 4 Files Changed 2 +111

4 Commits

Author SHA1 Message Date
Molecule AI Core Platform Lead
89fadb0dac Merge remote-tracking branch 'origin/main' into trig-221
All checks were successful
sop-tier-check / tier-check (pull_request) Successful in 3s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 4s
Details
audit-force-merge / audit (pull_request) Successful in 4s
Details
2026-05-10 02:34:32 +00:00
Molecule AI Core Platform Lead
bbf0b164e5 trigger
All checks were successful
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 4s
Details
sop-tier-check / tier-check (pull_request) Successful in 4s
Details
2026-05-10 02:34:18 +00:00
Molecule AI Core Platform Lead
b97bda13e9 Merge remote-tracking branch 'origin/main' into trig-221 2026-05-10 02:34:18 +00:00
Molecule AI Core-DevOps
4474ddc189 fix(workspace): add SSRF validation before writing external workspace URL
Some checks failed
sop-tier-check / tier-check (pull_request) Failing after 8s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 9s
Details 
Issue #212: POST /workspaces with runtime=external and a URL wrote the
URL directly to the DB without validateAgentURL checking (the same check
that registry.go:324 applies to the heartbeat path). An attacker with
AdminAuth could register a workspace URL at a cloud metadata endpoint
(169.254.169.254) and exfiltrate IAM credentials when the platform
fires pre-restart drain signals.

Changes:
- workspace.go: add validateAgentURL(payload.URL) guard before the
  UPDATE at line 386. 400 on unsafe URL, no DB write occurs.
- workspace_test.go: add 3 regression tests:
  - TestWorkspaceCreate_ExternalURL_SSRFSafe: safe public URL → 201
  - TestWorkspaceCreate_ExternalURL_SSRFMetadataBlocked: 169.254.169.254 → 400
  - TestWorkspaceCreate_ExternalURL_SSRFLoopbackBlocked: 127.0.0.1 → 400
  Both unsafe tests assert zero DB calls (the handler rejects before
  any transaction).

Ref: issue #212.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-05-10 02:30:18 +00:00