milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Only timeout for imds endpoints

Browse source
This commit is contained in:
Sander Declerck 2025-12-09 15:25:19 +01:00
parent cef2194427
commit afc68618c6
No known key found for this signature in database
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
packages/safe-chain/src/registryProxy/tunnelRequestHandler.js
View file

@ -3,7 +3,7 @@ import { ui } from "../environment/userInteraction.js";
import { isImdsEndpoint } from "./isImdsEndpoint.js";
/** @type {string[]} */
let timedoutEndpoints = [];
let timedoutImdsEndpoints = [];
/**
* @param {import("http").IncomingMessage} req
@ -43,7 +43,7 @@ function tunnelRequestToDestination(req, clientSocket, head) {
const { port, hostname } = new URL(`http://${req.url}`);
const isImds = isImdsEndpoint(hostname);
if (timedoutEndpoints.includes(hostname)) {
if (timedoutImdsEndpoints.includes(hostname)) {
clientSocket.end("HTTP/1.1 502 Bad Gateway\r\n\r\n");
if (isImds) {
ui.writeVerbose(
@ -74,9 +74,9 @@ function tunnelRequestToDestination(req, clientSocket, head) {
serverSocket.setTimeout(connectTimeout);
serverSocket.on("timeout", () => {
timedoutEndpoints.push(hostname);
// Suppress error logging for IMDS endpoints - timeouts are expected when not in cloud
if (isImds) {
timedoutImdsEndpoints.push(hostname);
ui.writeVerbose(
`Safe-chain: connect to ${hostname}:${
port || 443