
#21145: fix(security): use SSRF guard for node camera URL downloads

by Marvae · open · 2026-02-19 18:18
cli size: S
## Problem

`writeUrlToFile()` in `src/cli/nodes-camera.ts` fetched arbitrary URLs from node payloads using bare `fetch()` without SSRF protection. A malicious or compromised node could return a `payload.url` pointing to internal/private network endpoints, causing the gateway to make requests to those targets.

## Fix

Replace `fetch()` with `fetchWithSsrFGuard()` to enforce:

- Private IP/hostname blocking
- DNS rebinding protection
- Redirect validation

## Note

This will block requests to private/internal IPs by default. If there are use cases where nodes legitimately return internal URLs (e.g., self-hosted storage), a `policy.allowPrivateNetwork` passthrough may be needed.

## Testing

Build passes. Existing SSRF guard tests cover the underlying protection.

## Related

Issue: #21151
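An added example, not code from this PR and not the project's `fetchWithSsrFGuard()`: a minimal TypeScript guard that performs the three checks the description lists (private address blocking, DNS rebinding protection by pinning the checked address, and re-validation of every redirect hop). Every name in it is hypothetical (`guardedDownload`, `evaluateTarget`, `checkUrl`, `SsrfPolicy`), and the `allowPrivateNetwork` flag is modelled on the passthrough the Note suggests. DNS resolution and the HTTP transport are injectable so the policy logic can be exercised offline; the default transport pins the checked address through node's `lookup` request option.

```typescript
// Added example, not code from the PR or project. All names are hypothetical.
import { lookup } from "node:dns/promises";
import * as http from "node:http";
import * as https from "node:https";
import * as net from "node:net";

export interface GuardResponse { status: number; location?: string; body: Buffer }

export interface SsrfPolicy {
  allowPrivateNetwork?: boolean;                // assumed opt-in passthrough, as the PR note suggests
  maxRedirects?: number;                        // default 3
  resolve?: (host: string) => Promise<string[]>;                       // injectable (offline tests)
  transport?: (url: URL, pinnedIp: string) => Promise<GuardResponse>;  // injectable (offline tests)
}

// Private, loopback, link-local (incl. 169.254.169.254 cloud metadata) and other special-purpose
// ranges. Not exhaustive; IPv6 is classified in its compressed textual form.
export function isPrivateAddress(ip: string): boolean {
  const mapped = ip.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/i); // ::ffff:10.0.0.1 -> 10.0.0.1
  if (mapped) ip = mapped[1];
  if (net.isIPv4(ip)) {
    const [a, b] = ip.split(".").map(Number);
    return a === 0 || a === 10 || a === 127 ||
      (a === 169 && b === 254) ||            // link-local / metadata
      (a === 172 && b >= 16 && b <= 31) ||   // 172.16.0.0/12
      (a === 192 && b === 168) ||            // 192.168.0.0/16
      (a === 100 && b >= 64 && b <= 127) ||  // 100.64.0.0/10 shared address space
      a >= 224;                              // multicast, reserved, broadcast
  }
  if (net.isIPv6(ip)) {
    const v6 = ip.toLowerCase();
    return v6 === "::" || v6 === "::1" || /^f[cd]/.test(v6) || /^fe[89ab]/.test(v6);
  }
  return true; // not an IP literal at all: refuse rather than guess
}

// Syntactic checks that need no DNS: allowed schemes and literal localhost names.
export function checkUrl(rawUrl: string): { url: URL; host: string } {
  const url = new URL(rawUrl); // throws on malformed input
  if (url.protocol !== "http:" && url.protocol !== "https:") throw new Error(`blocked: scheme ${url.protocol}`);
  const host = url.hostname.replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  if (host === "localhost" || host.endsWith(".localhost")) throw new Error("blocked: localhost");
  return { url, host };
}

// Pure policy check over an already-resolved address set. Every record is checked, because a
// DNS answer mixing one public and one private address is a classic rebinding shape.
export function evaluateTarget(rawUrl: string, addrs: string[], policy: SsrfPolicy = {}): { url: URL; ip: string } {
  const { url, host } = checkUrl(rawUrl);
  if (addrs.length === 0) throw new Error(`blocked: ${host} did not resolve`);
  if (!policy.allowPrivateNetwork) {
    const bad = addrs.find(isPrivateAddress);
    if (bad) throw new Error(`blocked: ${host} resolves to ${bad}`);
  }
  return { url, ip: addrs[0] }; // the address the connection will be pinned to
}

async function defaultResolve(host: string): Promise<string[]> {
  if (net.isIP(host)) return [host];
  return (await lookup(host, { all: true })).map((r) => r.address);
}

// Only 3xx responses carrying a Location are followed; relative targets resolve against the checked URL.
export function nextHop(from: URL, res: GuardResponse): string | null {
  if (res.status < 300 || res.status >= 400 || !res.location) return null;
  return new URL(res.location, from).toString();
}

// Default transport: node http/https with a custom `lookup` that returns the pinned address, so the
// socket connects to the IP that was checked while TLS SNI and certificate validation keep the hostname.
function pinnedTransport(url: URL, ip: string): Promise<GuardResponse> {
  const pinnedLookup = (_h: string, _o: unknown, cb: (e: Error | null, a: string, f: number) => void) =>
    cb(null, ip, net.isIPv6(ip) ? 6 : 4);
  const opts: http.RequestOptions = { lookup: pinnedLookup as unknown as net.LookupFunction };
  return new Promise((resolve, reject) => {
    const onRes = (res: http.IncomingMessage) => {
      const chunks: Buffer[] = [];
      res.on("data", (c: Buffer) => chunks.push(c));
      res.on("end", () => resolve({ status: res.statusCode ?? 0, location: res.headers.location, body: Buffer.concat(chunks) }));
    };
    const req = url.protocol === "https:" ? https.request(url, opts, onRes) : http.request(url, opts, onRes);
    req.on("error", reject);
    req.end();
  });
}

// Guarded download: validate, resolve, pin, fetch, and re-validate every redirect hop.
export async function guardedDownload(rawUrl: string, policy: SsrfPolicy = {}): Promise<GuardResponse> {
  const resolve = policy.resolve ?? defaultResolve;
  const transport = policy.transport ?? pinnedTransport;
  let current = rawUrl;
  for (let hop = 0; hop <= (policy.maxRedirects ?? 3); hop++) {
    const { host } = checkUrl(current);
    const { url, ip } = evaluateTarget(current, await resolve(host), policy);
    const res = await transport(url, ip);
    const next = nextHop(url, res);
    if (next === null) return res;
    current = next; // a public host 302ing to http://169.254.169.254/ is refused on the next pass
  }
  throw new Error("blocked: too many redirects");
}
```

Pinning through the `lookup` option rather than rewriting the URL to the IP keeps SNI and certificate validation on the original hostname for HTTPS, which a plain URL rewrite would break. Deliberately left out: a response-size cap and timeout for the download, the hex spelling of IPv4-mapped addresses (`::ffff:7f00:1`) and uncompressed IPv6 forms; a production guard normalises addresses before classifying them.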
