fix: validate universe domain input to prevent SSRF credential leak#472
fix: validate universe domain input to prevent SSRF credential leak#472adilburaksen wants to merge 1 commit into
Conversation
…leak The `universe` input is interpolated directly into the Cloud Functions API endpoint (`https://cloudfunctions.${universe}/v2`). A value carrying URL syntax can redirect the credentialed request — including the GCP access token in the Authorization header — to an attacker-controlled host (e.g. `attacker.com#` truncates the real host via the fragment delimiter). Add `validateUniverse` (src/util.ts) which requires a well-formed DNS hostname (no scheme, path, port, userinfo, query, or fragment) and call it from run(). This blocks URL-injection payloads while still accepting any legitimate universe — googleapis.com, Trusted Partner Cloud, and Google Distributed Cloud domains — without an allowlist that would break sovereign deployments.
f67a395 to
203ffe4
Compare
|
Updated this PR based on further review:
Companion fix: google-github-actions/upload-cloud-storage#404. Happy to address any review feedback. |
|
Gentle ping on this one (companion to upload-cloud-storage#404, same class). It validates the |
|
@ChrisGe4 @verbanicm — gentle follow-up. This validates the |
Summary
The
universeinput is interpolated directly into the Cloud Functions API endpoint:Setting
universe: attacker.comroutes all API calls — including Bearer GCP access tokens — tocloudfunctions.attacker.com.Fix
Validates
universeagainst known-safe patterns before use:Allows
googleapis.com(default) and Trusted Partner Cloud subdomains likeus-central1.rep.googleapis.com. Blocks arbitrary hostnames.Related
Companion PR for
upload-cloud-storage: google-github-actions/upload-cloud-storage#404Same class, same root cause in
expandUniverseEndpoints.