mirror of
https://github.com/AikidoSec/safe-chain.git
synced 2026-05-26 20:20:49 +00:00
Without an explicit host, `server.listen(0)` binds to every interface, turning safe-chain's unauthenticated forward proxy into an open relay while `aikido-*` commands are running. Anyone reachable on the network can use it to hit the victim's localhost, intranet, or cloud metadata endpoints. The advertised HTTPS_PROXY URL already used `localhost` (loopback), but the listener itself was wide open. Bind to 127.0.0.1 explicitly and update the advertised URL to match. Add a regression test that verifies the listener refuses connections on non-loopback interfaces.
Files in this directory:

- interceptors/
- certBundle.js
- certBundle.spec.js
- certUtils.js
- certUtils.spec.js
- getConnectTimeout.js
- http-utils.js
- isImdsEndpoint.js
- mitmRequestHandler.js
- mitmRequestHandler.spec.js
- plainHttpProxy.js
- registryProxy.connect-tunnel.spec.js
- registryProxy.http-proxy.spec.js
- registryProxy.js
- registryProxy.loopback.spec.js
- registryProxy.mitm.spec.js
- tunnelRequestHandler.js