mirror/nanobot
1
0
Fork 0
mirror of https://github.com/HKUDS/nanobot.git synced 2026-06-13 22:34:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,713 Commits 48 Branches 17 Tags
Commit Graph

5 Commits

Author SHA1 Message Date
chengyongru
288146315e fix(security): normalize IPv6-mapped IPv4 in loopback check, add tests 
- Apply _normalize_addr in _is_allowed_loopback_target so
  ::ffff:127.0.0.1 is correctly identified as loopback
- Add test for contains_internal_url with IPv6-mapped addresses
- Add test for whitelist + IPv6-mapped CGNAT interaction
 2026-05-30 15:34:49 +08:00
yorkhellen
13dec9d2c2 fix(security): normalize IPv6-mapped IPv4 addresses in SSRF checks 
::ffff:127.0.0.1 and ::ffff:169.254.169.254 are IPv6Address objects
that match neither the IPv4 blocklists (127.0.0.0/8, 169.254.0.0/16)
nor the IPv6 ones (::1/128), allowing SSRF bypass via DNS responses
that return IPv6-mapped IPv4 addresses.

Add _normalize_addr() to convert ipv4_mapped IPv6 addresses to their
IPv4 form before blocklist/allowlist matching.
 2026-05-30 15:34:49 +08:00
Xubin Ren
3a420136bb
feat(webui): add project workspaces and access controls (#4007) 
* feat(webui): add project workspaces and access controls

* feat(webui): add project workspaces and access controls

* refactor(tools): centralize workspace access resolution

* refactor(webui): remove unused workspace host state

* fix(webui): hide estimated file edit label

* fix(webui): clarify file edit deletion feedback

* fix(webui): label deleted file activity

* fix(webui): flatten file edit activity rows

* fix(core): remove path-only patch deletion

* fix(core): keep apply patch non-destructive

* refactor(webui): trim workspace host plumbing

* fix(tools): register exec with tools config
 2026-05-29 03:42:53 +08:00
04cb
5f08d61d8f fix(security): add ssrfWhitelist config to unblock Tailscale/CGNAT (#2669) 2026-04-04 19:43:18 +08:00
chengyongru
72acba5d27 refactor(tests): optimize unit test structure 2026-03-24 15:12:22 +08:00