Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Fix: prevent ssrf and Input type confusion issues multiple components #5336

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
odaysec wants to merge 1 commit into FlowiseAI:main
base: main
Choose a base branch
Loading
from odaysec:fixdev

Conversation

@odaysec
Copy link

@odaysec odaysec commented Oct 17, 2025

Description Of Fixes

This request fixes an addresses multiple security vulnerabilities related to Server-Side Request Forgery (SSRF) and unvalidated user input handling across several files within the FlowiseAI codebase. These issues could allow attackers to manipulate outgoing requests, access unintended internal resources, or exploit type confusion to bypass sanitization logic. Each fix introduces proper input validation, allow-list enforcement, and type-safety improvements to ensure robust protection against such threats.

1. Secure Tenant ID Validation in Azure SSO

  • packages/server/src/enterprise/sso/AzureSSO.ts The testSetup static method previously allowed unvalidated user input (tenantID) to control the hostname in an outgoing HTTP request to Microsoft Azure.
    This could enable SSRF attacks by redirecting requests to unintended endpoints or internal services.

Fix implemented:

  • Added strict validation logic for tenantID before constructing the authentication URL.
  • Only accepts tenant IDs that match valid Azure formats:
    • A UUID/GUID pattern, or
    • A domain ending with .onmicrosoft.com.
  • Invalid or malformed inputs are rejected early, preventing any outbound requests.
  • Introduced a helper validation function to ensure DRY and clarity.

2. Outbound Request Allow-List for Secure Fetch

  • packages/components/src/httpSecurity.ts Previously, user-supplied URLs were used directly in outbound HTTP requests, protected only by a deny-list. This approach left room for bypass attacks or indirect SSRF through redirects.

Fix implemented:

  • Introduced a positive allow-list mechanism for all outbound requests.
  • Added a new function to validate URLs or hostnames against a configurable allow-list.
  • Integrated this validation within the secureFetch function for both the initial URL and all redirects.
  • Added support for a new environment variable, HTTP_ALLOW_LIST, defining a comma-separated list of allowed domains or wildcard patterns (e.g., *.example.com).
  • Restricted allowed protocols to http and https only.
  • Maintained compatibility with existing deny-list checks for defense in depth.

3. Validation of Chatflow IDs in Evaluation Service

  • packages/server/src/services/evaluations/index.ts The service previously used unvalidated chatflowId values to construct request URLs, creating a potential SSRF vector if arbitrary IDs were supplied.

Fix implemented:

  • Added strict validation for chatflowId before executing EvaluationRunner.runEvaluations.
  • Verified that all provided IDs exist in the ChatFlow database.
  • Rejected any non-existent or malformed IDs (e.g., containing unexpected characters or path traversal patterns).
  • Enforced validation before any data is passed to the evaluation logic.
  • Optionally restricted the ID format to UUIDs for consistent integrity.

4. Type-Safe Validation for Feedback Parameters

  • packages/server/src/controllers/chat-messages/index.ts Certain query parameters (feedbackType) were assumed to be strings but could be arrays due to crafted malicious requests. This type confusion could bypass sanitization logic.

Fix implemented:

  • Added a type guard function to safely validate and normalize feedbackType parameters.
  • Ensured that only recognized ChatMessageRatingType enum values are accepted.
  • Converted non-string or unexpected array values into a sanitized format before further use.
  • Applied this validation directly in the controller to ensure all downstream components receive clean and typed data.

5. Runtime Type Enforcement for Storage Prefix Parameters

  • packages/components/src/storageUtils.ts Unvalidated prefix parameters could cause unsafe string operations or logic errors if arrays or non-string types were passed in.

Fix implemented:

  • Added runtime type checks to ensure prefix is always a valid string before operations like substring or concatenation.
  • Implemented this check within _cleanEmptyS3Folders for minimal code impact and maximum safety.
  • Non-string inputs are either converted to strings or safely rejected before any file operations.

These changes collectively harden the application against:

  • Server-Side Request Forgery (SSRF)
  • Improper Input Validation and Type Confusion
  • Unsafe Outbound Network Requests
  • Potential Data Leakage or Unauthorized Internal Access

All fixes follow the principle of defense in depth, ensuring that user inputs are validated, sanitized, and restricted at the earliest possible stage.

  • Verified all modified modules compile and function correctly.
  • Confirmed that all validation paths properly reject malformed inputs.
  • Manually tested tenant ID, feedbackType, and chatflowId validation against both valid and invalid data.
  • Validated that the allow-list enforcement in secureFetch correctly blocks disallowed domains.

Additional Notes

  • Configuration for HTTP_ALLOW_LIST can be provided via environment variables or config files.
  • All fixes are backward-compatible and do not alter existing expected functionality for legitimate users.
  • These patches improve overall security hygiene and conform to best practices for secure input handling and outbound request control.

Copy link

@poratoes poratoes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Harden outbound requests and strengthen input validation across components and server.

  • Add HTTP allow-list support (HTTP_ALLOW_LIST) and checkAllowList; enforce for secureFetch initial URL and redirects; only http/https allowed (reduces SSRF risk).
  • Make _cleanEmptyS3Folders defensive against unexpected prefix types (handle arrays, ignore non-string/empty prefixes).
  • Normalize and sanitize feedbackType query param (accept CSV, JSON array string, or array) in chat-messages controller.
  • Validate Azure tenantID format in AzureSSO.testSetup to fail fast on invalid config.
  • Validate chatflowId(s) in createEvaluation (parse array or single id, disallow suspicious characters, ensure IDs exist).

Notes:

  • Behavior change: secureFetch now requires HTTP_ALLOW_LIST to be configured in environments where allow-list enforcement is desired — set this env var in tests/CI if needed.
  • Adds security and robustness fixes; recommend adding unit tests for allow-list/redirects, tenantID validation, feedbackType parsing, S3 prefix handling, and chatflowId validation.

Copy link
Contributor

@coderabbitai review
coderabbitai[bot] reacted with eyes emoji

Copy link

coderabbitai bot commented Oct 29, 2025

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

Copy link

coderabbitai bot commented Oct 29, 2025

Warning

Rate limit exceeded

@HenryHengZJ has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 13 minutes and 58 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 4111ec3 and e99bad0.

📒 Files selected for processing (5)
  • packages/components/src/httpSecurity.ts (3 hunks)
  • packages/components/src/storageUtils.ts (1 hunks)
  • packages/server/src/controllers/chat-messages/index.ts (2 hunks)
  • packages/server/src/enterprise/sso/AzureSSO.ts (2 hunks)
  • packages/server/src/services/evaluations/index.ts (1 hunks)
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@poratoes poratoes poratoes left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

AltStyle によって変換されたページ (->オリジナル) /