@datadog-official[bot] 3d ago
⚠️ Warnings
🛠️ 1 Code quality issue detected
ℹ️ Info
🛡️ No new code vulnerabilities
📚 No new vulnerable libraries detected
🔑 No new secrets detected
- UploadBytesToSession action accepted an unconstrained upload_url and performed GET/PUT/DELETE against it, creating a server-side request primitive that can be abused for SSRF and JSON data exfiltration.
- mercury/utils/http.py is feature-flag gated and can fail open, so the action must enforce its own destination validation unconditionally.
- sharepoint.com, sharepoint.us, 1drv.com, onedrive.com) in apps/sharepoint_graph/actions/upload_bytes_to_session.py.
- _validate_upload_url() that uses validate_url_shape() and validate_destination() from mercury.utils.http_ssrf to require https, default port 443, no userinfo, trusted host suffixes, and to reject private/link-local/loopback destinations.
- ^https?://.+.
- execute() to validate the upload_url before any request, call http_request with allow_redirects=False, and reject 3xx redirect responses instead of following them.
- tests/apps/sharepoint_graph/actions/test_upload_bytes_to_session.py covering untrusted URLs, trusted-host-but-private-DNS resolution, no-redirect behavior, and redirect rejection.
- ruff and fixed formatting issues, and ruff check passed.
- pytest and they all passed (9 passed).