fix: validate universe domain input to prevent SSRF credential leak#404
fix: validate universe domain input to prevent SSRF credential leak#404adilburaksen wants to merge 1 commit into
Conversation
…leak The `universe` input is interpolated directly into the storage API endpoint (`https://storage.${universe}/...`). A value carrying URL syntax can redirect the credentialed request — including the GCP access token in the Authorization header — to an attacker-controlled host (e.g. `attacker.com#` truncates the real host via the fragment delimiter). Validate that `universe` is a well-formed DNS hostname (no scheme, path, port, userinfo, query, or fragment) before it is used. This blocks URL-injection payloads while still accepting any legitimate universe — googleapis.com, Trusted Partner Cloud, and Google Distributed Cloud domains — without an allowlist that would break sovereign deployments.
e235d41 to
0d78cba
Compare
|
Updated this PR based on further review:
Happy to address any review feedback. |
|
@verbanicm friendly ping — would you be able to take a look at this one? It validates the |
|
@R2wenD2 @haroonc — gentle follow-up. This validates the |
Summary
The
universeinput inupload-cloud-storage(anddeploy-cloud-functions) is interpolated directly into the GCS/Cloud Functions API endpoint without validation:Setting
universe: attacker.comroutes all API requests — including the Bearer GCP access token — tostorage.attacker.com.Fix
Validates
universeagainst a strict allowlist: the public Google Cloud universe (googleapis.com) or Trusted Partner Cloud subdomains (e.g.us-central1.rep.googleapis.com).Tests Added
attacker.com→Invalid universe domainerrorattacker.com#.googleapis.com(fragment injection) → errorus-central1.rep.googleapis.com(valid TPC universe) → no validation errorRelated
Companion fix for
get-secretmanager-secrets(same SSRF class): google-github-actions/get-secretmanager-secrets#328