Bugfix/ssrf s3 endpoint validation #187


Open: wants to merge 1 commit into main from bugfix/ssrf-s3-endpoint-validation

Conversation


@aybanda aybanda commented Jun 26, 2025

Prevent SSRF via S3 Endpoint Validation in Storage Configuration

Summary

This PR fixes a Server-Side Request Forgery (SSRF) vulnerability in the storage configuration logic by validating the S3 endpoint before instantiating the S3 client. Only allow-listed, trusted S3 endpoints are now permitted.

What Was Changed

  • Introduced an allow-list (ALLOWED_S3_ENDPOINTS) in s3-helper.ts for trusted S3 endpoints (e.g., official AWS S3 endpoints).
  • Added a validation function (isAllowedS3Endpoint) to check the endpoint against the allow-list.
  • If a user attempts to configure storage with an untrusted or attacker-controlled endpoint, the backend now throws an error and refuses to connect.

Security Impact

  • Prevents the backend from making requests to arbitrary or attacker-controlled URLs, blocking SSRF attacks.
  • Limits S3 endpoint usage to only those explicitly trusted by the platform.

How to Adjust

  • To support additional trusted S3-compatible providers, add their endpoints to the ALLOWED_S3_ENDPOINTS array in s3-helper.ts.

Closes #186

This patch closes a high-severity SSRF vector and aligns with best practices for secure cloud storage integrations.
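One way to implement the allow-list check the PR describes, as an added example that is not the project's s3-helper.ts and not the author's code: the host names in the lists, the function names and the probe URLs are assumptions constructed for illustration. The point it makes that the PR text does not spell out is that the endpoint must be parsed and compared by host, not matched as a substring, otherwise a trusted name placed in the userinfo, path or a longer domain still slips through.

```typescript
// Added example, not the project's s3-helper.ts: allow-list validation of a
// user-supplied S3 endpoint before any S3 client is built from it.
// The hosts in the lists, the function names and the error texts are
// assumptions made for this illustration.

// Exact trusted hostnames (constructed sample list).
const ALLOWED_S3_ENDPOINTS: string[] = [
  "s3.amazonaws.com",
  "s3.us-east-1.amazonaws.com",
  "s3.eu-west-1.amazonaws.com",
];

// Parent domains whose subdomains are also trusted, so that virtual-hosted
// bucket endpoints such as bucket.s3.eu-west-1.amazonaws.com pass.
// The leading dot is significant: "evilamazonaws.com" must not match.
const ALLOWED_S3_ENDPOINT_SUFFIXES: string[] = [".amazonaws.com"];

interface EndpointCheck {
  ok: boolean;
  reason?: string;
  normalized?: string; // "https://<host>" when ok
}

const IPV4_LITERAL = /^\d{1,3}(\.\d{1,3}){3}$/;

function hasSuffix(host: string, suffix: string): boolean {
  return host.length > suffix.length && host.slice(-suffix.length) === suffix;
}

// Classify the endpoint by its parsed host, never by substring search on the
// raw string. The WHATWG URL parser lowercases the host and canonicalises
// numeric hosts (2130706433 -> 127.0.0.1), so the checks below see the
// address the HTTP client would actually connect to.
function checkS3Endpoint(endpoint: string): EndpointCheck {
  let url: URL;
  try {
    url = new URL(endpoint);
  } catch {
    return { ok: false, reason: "not an absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: `scheme ${url.protocol} is not https` };
  }
  // "https://s3.amazonaws.com@evil.example" puts the trusted name in userinfo.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo is not allowed" };
  }
  if (url.port !== "") {
    return { ok: false, reason: "explicit port is not allowed" };
  }
  // "https://evil.example/s3.amazonaws.com" puts the trusted name in the path.
  if (url.pathname !== "/" || url.search !== "" || url.hash !== "") {
    return { ok: false, reason: "path, query and fragment are not allowed" };
  }
  const host = url.hostname;
  // IP literals are never on the allow-list and are the usual SSRF targets
  // (169.254.169.254 metadata service, 127.0.0.1, [::1]).
  if (IPV4_LITERAL.test(host) || host.charAt(0) === "[") {
    return { ok: false, reason: "IP literal is not allowed" };
  }
  const allowed =
    ALLOWED_S3_ENDPOINTS.indexOf(host) !== -1 ||
    ALLOWED_S3_ENDPOINT_SUFFIXES.some((suffix) => hasSuffix(host, suffix));
  if (!allowed) {
    return { ok: false, reason: `host ${host} is not an allow-listed S3 endpoint` };
  }
  return { ok: true, normalized: `https://${host}` };
}

// What the storage configuration path would call: returns the canonical
// endpoint to hand to the S3 client, or throws so the client is never built.
function assertAllowedS3Endpoint(endpoint: string): string {
  const result = checkS3Endpoint(endpoint);
  if (!result.ok) {
    throw new Error(`Refusing S3 endpoint ${JSON.stringify(endpoint)}: ${result.reason}`);
  }
  return result.normalized as string;
}

// Constructed probe inputs a legitimate user or an attacker might submit.
const PROBES: string[] = [
  "https://s3.amazonaws.com",
  "https://bucket.s3.eu-west-1.amazonaws.com/",
  "https://s3.amazonaws.com.evil.example",
  "https://s3.amazonaws.com@evil.example",
  "https://evil.example/s3.amazonaws.com",
  "http://169.254.169.254/latest/meta-data/",
  "https://2130706433",
  "https://[::1]",
  "https://s3.amazonaws.com.",
  "s3.amazonaws.com",
];

for (const probe of PROBES) {
  const r = checkS3Endpoint(probe);
  console.log(`${r.ok ? "ALLOW" : "DENY "} ${probe}${r.ok ? "" : " (" + r.reason + ")"}`);
}
```

Running the block prints one line per probe; only the first two are allowed. The scheme, userinfo, port and path checks come before the host comparison so that an endpoint is rejected for the first thing wrong with it, and the trailing-dot and longer-domain cases fall through to the host comparison, where the dotted suffix rule stops them. Extending the allow-list for another S3-compatible provider, as the PR's "How to Adjust" describes, means appending its hostname to ALLOWED_S3_ENDPOINTS (or its parent domain, with the leading dot, to ALLOWED_S3_ENDPOINT_SUFFIXES); the parsing rules stay the same.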

@aybanda aybanda force-pushed the bugfix/ssrf-s3-endpoint-validation branch from db6328c to 859450f Compare June 26, 2025 07:18
@aybanda aybanda marked this pull request as ready for review June 26, 2025 07:19
Linked issue #186: SSRF Bug Report: S3 Endpoint in Storage Configuration