mirror of
https://github.com/zhayujie/chatgpt-on-wechat.git
synced 2026-07-17 19:27:11 +08:00
1. Vision SSRF (#2878, #2872): Add _validate_url_safe() that resolves the target hostname via DNS and rejects any IP in private (RFC1918), loopback, link-local, or reserved ranges before requests.get() is called. This blocks attacks that use attacker-controlled image URLs to probe internal services or cloud metadata endpoints (169.254.169.254). 2. Skill install path traversal (#2873): Add _safe_skill_dir() that validates the skill name cannot escape the skills/ root directory. Rejects names containing '..', absolute paths, and any resolved path that falls outside the custom_dir boundary. Applied to _add_url(), _add_package(), and delete(). Both fixes include comprehensive unit tests (19 test cases) covering blocked patterns, edge cases, and allowed legitimate usage. Closes #2878 Closes #2873 Ref: #2872
7.7 KiB
7.7 KiB