Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge 6eb780b3d5b4f3384a741cf4afe8ff55304164a7 into 598f1826d8b2bc969aace2c6459824737667218c

Browse Source
This commit is contained in:
Blankdlh 2026-03-21 11:25:31 +08:00 committed by GitHub
commit ca0744572c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/agents/tools/web-fetch.ssrf.test.ts
View File

@ -125,6 +125,19 @@ describe("web_fetch SSRF protection", () => {
expect(fetchSpy).toHaveBeenCalledTimes(1);
});
it("allows RFC 2544 benchmark range IPs (198.18.0.0/15) used by DNS proxy tools", async () => {
lookupMock.mockResolvedValue([{ address: "198.18.1.5", family: 4 }]);
setMockFetch().mockResolvedValue(textResponse("ok"));
const tool = await createWebFetchToolForTest();
const result = await tool?.execute?.("call", { url: "https://example.com" });
expect(result?.details).toMatchObject({
status: 200,
extractor: "raw",
});
});
it("allows public hosts", async () => {
lookupMock.mockResolvedValue([{ address: "93.184.216.34", family: 4 }]);

1
src/agents/tools/web-fetch.ts
View File

@ -539,6 +539,7 @@ async function runWebFetch(params: WebFetchRuntimeParams): Promise<Record<string
url: params.url,
maxRedirects: params.maxRedirects,
timeoutSeconds: params.timeoutSeconds,
policy: { allowRfc2544BenchmarkRange: true },
init: {
headers: {
Accept: "text/markdown, text/html;q=0.9, */*;q=0.1",