CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-06 13:45:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): add Azure metadata endpoint to SSRF blocklist

Browse Source 
Add metadata.azure.internal to BLOCKED_METADATA_HOSTS alongside the
existing AWS/GCP endpoints. Closes the coverage gap identified in #125.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Garry Tan
2026-03-22 09:57:22 -07:00
parent 24b7e11050
commit faaf998c7b
2 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
browse/src/url-validation.ts
+1
View File
@@ -7,6 +7,7 @@ const BLOCKED_METADATA_HOSTS = new Set([
'169.254.169.254', // AWS/GCP/Azure instance metadata
'fd00::', // IPv6 unique local (metadata in some cloud setups)
'metadata.google.internal', // GCP metadata
'metadata.azure.internal', // Azure IMDS
]);
/**