security: add IP-level SSRF defense for action.yml Gitea path #123

Closed
opened 2026-05-14 04:29:07 +00:00 by rodin · 0 comments
Owner

## Context

From security review on PR #121 (finding #3 MINOR):

> SSRF risk: Allowing inputs.gitea-url and action-repo to control request destinations without validation enables server-side requests to arbitrary/internal addresses from the runner environment. Even without tokens, this can be abused on self-hosted runners to access internal services.

## Current State (after PR #121 fix)

- URL scheme is validated (https:// only)
- Whitespace/newlines are rejected
- Token exfiltration is prevented (GitHub path ignores user URLs entirely)

## What remains

- DNS resolution + IP validation to block private/link-local/loopback addresses
- Preventing DNS rebinding attacks
- Blocking non-standard ports
- Preventing redirects to untrusted hosts

## Challenge

These defenses are complex in pure bash. Options:

1. Add a Go helper binary (`review-bot validate-url`) that performs DNS resolution and IP checks
2. Use `dig`/`getent hosts` + IP range checks in bash (fragile, platform-dependent)
3. Accept the residual risk with documentation (Gitea tokens are the user's own; the attack requires controlling workflow inputs on their own runner)

## Acceptance Criteria

- [ ] Decide on approach
- [ ] Implement URL validation that blocks requests to RFC1918/loopback/link-local IPs
- [ ] Block HTTP redirects to non-https or different hosts
- [ ] Add tests
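Option 1 (a Go helper) sketched as an added example, not code from the review-bot project: `ValidateURL` applies the remaining checks listed in the issue (https on 443, no whitespace or userinfo, every resolved address outside loopback/private/link-local ranges) and `PinnedClient` dials only the address that was checked, so a second DNS answer cannot rebind the host, and refuses redirects. The function names, the injectable `resolve` parameter and the hard-coded port 443 are assumptions of this sketch.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
)

// IsDisallowedIP: loopback, RFC1918/ULA private, link-local, multicast, unspecified.
func IsDisallowedIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsMulticast() || ip.IsUnspecified()
}

// ValidateURL enforces https on 443 with no whitespace or userinfo, resolves the host
// (inject net.DefaultResolver.LookupIPAddr in production) and returns the IP to pin.
func ValidateURL(ctx context.Context, raw string,
	resolve func(context.Context, string) ([]net.IPAddr, error)) (net.IP, error) {
	u, err := url.Parse(raw)
	if strings.ContainsAny(raw, " \t\r\n") || err != nil || u.Scheme != "https" ||
		u.User != nil || u.Hostname() == "" || (u.Port() != "" && u.Port() != "443") {
		return nil, errors.New("only https://host[:443]/path without credentials or whitespace")
	}
	addrs, err := resolve(ctx, u.Hostname())
	if err != nil || len(addrs) == 0 {
		return nil, fmt.Errorf("resolving %q failed: %v", u.Hostname(), err)
	}
	// Every answer must pass; net.IP methods also catch IPv4-mapped IPv6 (::ffff:10.0.0.1).
	for _, a := range addrs {
		if IsDisallowedIP(a.IP) {
			return nil, fmt.Errorf("%s resolves to blocked address %s", u.Hostname(), a.IP)
		}
	}
	return addrs[0].IP, nil
}

// PinnedClient always dials the validated IP on 443 (TLS still verifies the URL's
// hostname), so a second DNS answer cannot rebind the host, and refuses redirects.
func PinnedClient(ip net.IP) *http.Client {
	dial := func(ctx context.Context, network, _ string) (net.Conn, error) {
		return (&net.Dialer{}).DialContext(ctx, network, net.JoinHostPort(ip.String(), "443"))
	}
	return &http.Client{Transport: &http.Transport{DialContext: dial},
		CheckRedirect: func(*http.Request, []*http.Request) error { return errors.New("redirect refused") }}
}
```

Re-resolving the hostname in the dialer instead of pinning the checked IP would reopen the rebinding window the validation closed.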
rodin closed this issue 2026-05-14 19:10:20 +00:00
Reference: rodin/review-bot#123