Skip to content

Fix / Image URL fetch validates the first FQDN then follows redirects to internal targets#2501

Open
grzegorz-roboflow wants to merge 16 commits into
mainfrom
fix/GHSA-hjmm-hr52-vrp2
Open

Fix / Image URL fetch validates the first FQDN then follows redirects to internal targets#2501
grzegorz-roboflow wants to merge 16 commits into
mainfrom
fix/GHSA-hjmm-hr52-vrp2

Conversation

@grzegorz-roboflow

Copy link
Copy Markdown
Collaborator

What does this PR do?

Fix GHSA-hjmm-hr52-vrp2

Type of Change

  • Bug fix (non-breaking change that fixes an issue)

Testing

  • I have added/updated tests for this change

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code where necessary, particularly in hard-to-understand areas
  • My changes generate no new warnings or errors
  • I have updated the documentation accordingly (if applicable)

Additional Context

N/A

…returning 302 Location: http://169.254.169.254/latest/meta-data, then expects load_image_from_url() to reject it before fetching the redirected URL. current code follows the redirect and decodes the mocked image bytes (resulting in test failure)

@PawelPeczek-Roboflow PawelPeczek-Roboflow left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

requests a bit more validation

@grzegorz-roboflow

Copy link
Copy Markdown
Collaborator Author

Upon reflection we can simplify this change by disabling redirects and guarding access to non-public networks behind config flag

  Disable automatic redirects for URL image fetches, reject hosts that resolve to
  non-public addresses by default, and add an opt-in env flag for deployments that
  intentionally load images from private networks. Add unit coverage for redirect
  blocking, metadata-address DNS resolution, and the private-network override.
@grzegorz-roboflow

Copy link
Copy Markdown
Collaborator Author

Pivot - disable automatic redirects for URL image fetches, reject hosts that resolve to non-public addresses by default, and add an opt-in env flag for deployments that intentionally load images from private networks. Add unit coverage for redirect blocking, metadata-address DNS resolution, and the private-network override.

@PawelPeczek-Roboflow PawelPeczek-Roboflow left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would do the following:

  • it's likely people use load_image_from_url(...) so do not make BC and have max_redirects with default value
  • MAX_IMAGE_URL_REDIRECTS should align with requests.Session default (30 from what I checked)
  • we have 2 other places where equivalent function exists - both in inference_sdk - one requests based, the other asyncio based
  • in those we do not whitelist domains etc - we should do what we did in inference.core and have the same env variable to configure behaviour
  • load_image_from_url is strange when MAX_IMAGE_URL_REDIRECTS is set - looks like maybe we lack some control flag?

when VALIDATE_IMAGE_URL_REDIRECTS is set False - we should have warning and information when it's going to change

@PawelPeczek-Roboflow

Copy link
Copy Markdown
Collaborator

let's discuss the change

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants