fix: harden url fetch dns pinning

2026-01-26 16:05:20 +00:00
parent 8b68cdd9bc
commit b623557a2e
7 changed files with 429 additions and 198 deletions
--- a/src/media/input-files.ts
+++ b/src/media/input-files.ts
@@ -1,5 +1,10 @@
 import { logWarn } from "../logger.js";
-import { assertPublicHostname } from "../infra/net/ssrf.js";
+import {
+  closeDispatcher,
+  createPinnedDispatcher,
+  resolvePinnedHostname,
+} from "../infra/net/ssrf.js";
+import type { Dispatcher } from "undici";

 type CanvasModule = typeof import("@napi-rs/canvas");
 type PdfJsModule = typeof import("pdfjs-dist/legacy/build/pdf.mjs");
@@ -154,50 +159,57 @@ export async function fetchWithGuard(params: {
      if (!["http:", "https:"].includes(parsedUrl.protocol)) {
        throw new Error(`Invalid URL protocol: ${parsedUrl.protocol}. Only HTTP/HTTPS allowed.`);
      }
-      await assertPublicHostname(parsedUrl.hostname);
+      const pinned = await resolvePinnedHostname(parsedUrl.hostname);
+      const dispatcher = createPinnedDispatcher(pinned);

-      const response = await fetch(parsedUrl, {
-        signal: controller.signal,
-        headers: { "User-Agent": "Clawdbot-Gateway/1.0" },
-        redirect: "manual",
-      });
+      try {
+        const response = await fetch(parsedUrl, {
+          signal: controller.signal,
+          headers: { "User-Agent": "Clawdbot-Gateway/1.0" },
+          redirect: "manual",
+          dispatcher,
+        } as RequestInit & { dispatcher: Dispatcher });

-      if (isRedirectStatus(response.status)) {
-        const location = response.headers.get("location");
-        if (!location) {
-          throw new Error(`Redirect missing location header (${response.status})`);
+        if (isRedirectStatus(response.status)) {
+          const location = response.headers.get("location");
+          if (!location) {
+            throw new Error(`Redirect missing location header (${response.status})`);
+          }
+          redirectCount += 1;
+          if (redirectCount > params.maxRedirects) {
+            throw new Error(`Too many redirects (limit: ${params.maxRedirects})`);
+          }
+          void response.body?.cancel();
+          currentUrl = new URL(location, parsedUrl).toString();
+          continue;
        }
-        redirectCount += 1;
-        if (redirectCount > params.maxRedirects) {
-          throw new Error(`Too many redirects (limit: ${params.maxRedirects})`);
+
+        if (!response.ok) {
+          throw new Error(`Failed to fetch: ${response.status} ${response.statusText}`);
        }
-        currentUrl = new URL(location, parsedUrl).toString();
-        continue;
-      }

-      if (!response.ok) {
-        throw new Error(`Failed to fetch: ${response.status} ${response.statusText}`);
-      }
-
-      const contentLength = response.headers.get("content-length");
-      if (contentLength) {
-        const size = parseInt(contentLength, 10);
-        if (size > params.maxBytes) {
-          throw new Error(`Content too large: ${size} bytes (limit: ${params.maxBytes} bytes)`);
+        const contentLength = response.headers.get("content-length");
+        if (contentLength) {
+          const size = parseInt(contentLength, 10);
+          if (size > params.maxBytes) {
+            throw new Error(`Content too large: ${size} bytes (limit: ${params.maxBytes} bytes)`);
+          }
        }
-      }

-      const buffer = Buffer.from(await response.arrayBuffer());
-      if (buffer.byteLength > params.maxBytes) {
-        throw new Error(
-          `Content too large: ${buffer.byteLength} bytes (limit: ${params.maxBytes} bytes)`,
-        );
-      }
+        const buffer = Buffer.from(await response.arrayBuffer());
+        if (buffer.byteLength > params.maxBytes) {
+          throw new Error(
+            `Content too large: ${buffer.byteLength} bytes (limit: ${params.maxBytes} bytes)`,
+          );
+        }

-      const contentType = response.headers.get("content-type") || undefined;
-      const parsed = parseContentType(contentType);
-      const mimeType = parsed.mimeType ?? "application/octet-stream";
-      return { buffer, mimeType, contentType };
+        const contentType = response.headers.get("content-type") || undefined;
+        const parsed = parseContentType(contentType);
+        const mimeType = parsed.mimeType ?? "application/octet-stream";
+        return { buffer, mimeType, contentType };
+      } finally {
+        await closeDispatcher(dispatcher);
+      }
    }
  } finally {
    clearTimeout(timeoutId);
--- a/src/media/store.redirect.test.ts
+++ b/src/media/store.redirect.test.ts
@@ -18,6 +18,9 @@ vi.doMock("node:os", () => ({
 vi.doMock("node:https", () => ({
  request: (...args: unknown[]) => mockRequest(...args),
 }));
+vi.doMock("node:dns/promises", () => ({
+  lookup: async () => [{ address: "93.184.216.34", family: 4 }],
+}));

 const loadStore = async () => await import("./store.js");

--- a/src/media/store.ts
+++ b/src/media/store.ts
@@ -1,10 +1,12 @@
 import crypto from "node:crypto";
 import { createWriteStream } from "node:fs";
 import fs from "node:fs/promises";
-import { request } from "node:https";
+import { request as httpRequest } from "node:http";
+import { request as httpsRequest } from "node:https";
 import path from "node:path";
 import { pipeline } from "node:stream/promises";
 import { resolveConfigDir } from "../utils.js";
+import { resolvePinnedHostname } from "../infra/net/ssrf.js";
 import { detectMime, extensionForMime } from "./mime.js";

 const resolveMediaDir = () => path.join(resolveConfigDir(), "media");
@@ -88,51 +90,67 @@ async function downloadToFile(
  maxRedirects = 5,
 ): Promise<{ headerMime?: string; sniffBuffer: Buffer; size: number }> {
  return await new Promise((resolve, reject) => {
-    const req = request(url, { headers }, (res) => {
-      // Follow redirects
-      if (res.statusCode && res.statusCode >= 300 && res.statusCode < 400) {
-        const location = res.headers.location;
-        if (!location || maxRedirects <= 0) {
-          reject(new Error(`Redirect loop or missing Location header`));
-          return;
-        }
-        const redirectUrl = new URL(location, url).href;
-        resolve(downloadToFile(redirectUrl, dest, headers, maxRedirects - 1));
-        return;
-      }
-      if (!res.statusCode || res.statusCode >= 400) {
-        reject(new Error(`HTTP ${res.statusCode ?? "?"} downloading media`));
-        return;
-      }
-      let total = 0;
-      const sniffChunks: Buffer[] = [];
-      let sniffLen = 0;
-      const out = createWriteStream(dest);
-      res.on("data", (chunk) => {
-        total += chunk.length;
-        if (sniffLen < 16384) {
-          sniffChunks.push(chunk);
-          sniffLen += chunk.length;
-        }
-        if (total > MAX_BYTES) {
-          req.destroy(new Error("Media exceeds 5MB limit"));
-        }
-      });
-      pipeline(res, out)
-        .then(() => {
-          const sniffBuffer = Buffer.concat(sniffChunks, Math.min(sniffLen, 16384));
-          const rawHeader = res.headers["content-type"];
-          const headerMime = Array.isArray(rawHeader) ? rawHeader[0] : rawHeader;
-          resolve({
-            headerMime,
-            sniffBuffer,
-            size: total,
+    let parsedUrl: URL;
+    try {
+      parsedUrl = new URL(url);
+    } catch {
+      reject(new Error("Invalid URL"));
+      return;
+    }
+    if (!["http:", "https:"].includes(parsedUrl.protocol)) {
+      reject(new Error(`Invalid URL protocol: ${parsedUrl.protocol}. Only HTTP/HTTPS allowed.`));
+      return;
+    }
+    const requestImpl = parsedUrl.protocol === "https:" ? httpsRequest : httpRequest;
+    resolvePinnedHostname(parsedUrl.hostname)
+      .then((pinned) => {
+        const req = requestImpl(parsedUrl, { headers, lookup: pinned.lookup }, (res) => {
+          // Follow redirects
+          if (res.statusCode && res.statusCode >= 300 && res.statusCode < 400) {
+            const location = res.headers.location;
+            if (!location || maxRedirects <= 0) {
+              reject(new Error(`Redirect loop or missing Location header`));
+              return;
+            }
+            const redirectUrl = new URL(location, url).href;
+            resolve(downloadToFile(redirectUrl, dest, headers, maxRedirects - 1));
+            return;
+          }
+          if (!res.statusCode || res.statusCode >= 400) {
+            reject(new Error(`HTTP ${res.statusCode ?? "?"} downloading media`));
+            return;
+          }
+          let total = 0;
+          const sniffChunks: Buffer[] = [];
+          let sniffLen = 0;
+          const out = createWriteStream(dest);
+          res.on("data", (chunk) => {
+            total += chunk.length;
+            if (sniffLen < 16384) {
+              sniffChunks.push(chunk);
+              sniffLen += chunk.length;
+            }
+            if (total > MAX_BYTES) {
+              req.destroy(new Error("Media exceeds 5MB limit"));
+            }
          });
-        })
-        .catch(reject);
-    });
-    req.on("error", reject);
-    req.end();
+          pipeline(res, out)
+            .then(() => {
+              const sniffBuffer = Buffer.concat(sniffChunks, Math.min(sniffLen, 16384));
+              const rawHeader = res.headers["content-type"];
+              const headerMime = Array.isArray(rawHeader) ? rawHeader[0] : rawHeader;
+              resolve({
+                headerMime,
+                sniffBuffer,
+                size: total,
+              });
+            })
+            .catch(reject);
+        });
+        req.on("error", reject);
+        req.end();
+      })
+      .catch(reject);
  });
 }