Merge 7d43cdea95934158028f8b3eb803ca2043e72814 into 598f1826d8b2bc969aace2c6459824737667218c

2026-03-21 11:25:31 +08:00 · 2026-03-21 11:25:31 +08:00 · a7a34812da
commit a7a34812da
parent 598f1826d8 7d43cdea95
2 changed files with 33 additions and 10 deletions
--- a/src/agents/tools/web-fetch.ts
+++ b/src/agents/tools/web-fetch.ts
@ -32,6 +32,25 @@ import {

 export { extractReadableContent } from "./web-fetch-utils.js";

+const PROXY_ENV_KEYS = [
+  "HTTPS_PROXY",
+  "HTTP_PROXY",
+  "ALL_PROXY",
+  "https_proxy",
+  "http_proxy",
+  "all_proxy",
+] as const;
+
+function hasProxyEnvConfigured(): boolean {
+  for (const key of PROXY_ENV_KEYS) {
+    const value = process.env[key];
+    if (typeof value === "string" && value.trim().length > 0) {
+      return true;
+    }
+  }
+  return false;
+}
+
 const EXTRACT_MODES = ["markdown", "text"] as const;

 const DEFAULT_FETCH_MAX_CHARS = 50_000;
@ -539,6 +558,9 @@ async function runWebFetch(params: WebFetchRuntimeParams): Promise<Record<string
      url: params.url,
      maxRedirects: params.maxRedirects,
      timeoutSeconds: params.timeoutSeconds,
+      // Only allow RFC 2544 benchmark range (fake-ip proxy range) when a proxy is configured.
+      // This prevents widening SSRF protections for non-proxied environments.
+      policy: hasProxyEnvConfigured() ? { allowRfc2544BenchmarkRange: true } : undefined,
      init: {
        headers: {
          Accept: "text/markdown, text/html;q=0.9, */*;q=0.1",
--- a/src/cli/daemon-cli/lifecycle.test.ts
+++ b/src/cli/daemon-cli/lifecycle.test.ts
@ -35,16 +35,17 @@ const resolveGatewayPort = vi.fn(() => 18789);
 const findVerifiedGatewayListenerPidsOnPortSync = vi.fn<(port: number) => number[]>(() => []);
 const signalVerifiedGatewayPidSync = vi.fn<(pid: number, signal: "SIGTERM" | "SIGUSR1") => void>();
 const formatGatewayPidList = vi.fn<(pids: number[]) => string>((pids) => pids.join(", "));
-const probeGateway = vi.fn<
-  (opts: {
-    url: string;
-    auth?: { token?: string; password?: string };
-    timeoutMs: number;
-  }) => Promise<{
-    ok: boolean;
-    configSnapshot: unknown;
-  }>
->();
+const probeGateway =
+  vi.fn<
+    (opts: {
+      url: string;
+      auth?: { token?: string; password?: string };
+      timeoutMs: number;
+    }) => Promise<{
+      ok: boolean;
+      configSnapshot: unknown;
+    }>
+  >();
 const isRestartEnabled = vi.fn<(config?: { commands?: unknown }) => boolean>(() => true);
 const loadConfig = vi.fn(() => ({}));