Summary
The URL guard in src/openhuman/tools/impl/network/url_guard.rs validates hostnames against the SSRF blocklist at request-build time, but does NOT resolve DNS before making the request. A DNS rebinding attack can pass validation with a public-looking hostname that resolves to 127.0.0.1 at connection time.
Location
src/openhuman/tools/impl/network/url_guard.rs — validate_url()
Impact
Medium — SSRF to internal services. An attacker registers a domain that alternates DNS responses between a public IP and a private IP (127.0.0.1, 169.254.x.x, 10.x.x.x).
Fix Available
PR #1918 adds validate_url_with_dns_check() which resolves the hostname and re-validates resolved IPs before the request. Callers (http_request.rs, curl.rs) should be migrated to use this function.
Summary
The URL guard in
src/openhuman/tools/impl/network/url_guard.rsvalidates hostnames against the SSRF blocklist at request-build time, but does NOT resolve DNS before making the request. A DNS rebinding attack can pass validation with a public-looking hostname that resolves to127.0.0.1at connection time.Location
src/openhuman/tools/impl/network/url_guard.rs—validate_url()Impact
Medium — SSRF to internal services. An attacker registers a domain that alternates DNS responses between a public IP and a private IP (127.0.0.1, 169.254.x.x, 10.x.x.x).
Fix Available
PR #1918 adds
validate_url_with_dns_check()which resolves the hostname and re-validates resolved IPs before the request. Callers (http_request.rs,curl.rs) should be migrated to use this function.