* feat: implement SSRF protection with URL validation across plugins
* refactor SSRF protection to focus on cloud metadata endpoints and improve configuration options
* remove legacy whitelist functionality and streamline SSRF validation process
* enhance SSRF protection by adding configurable blocked schemes and validation checks
* enhance SSRF protection by integrating configurable options across services
* replace dns.lookup with dns.lookup from dns module for improved clarity
* refactor: enhance SSRF protection by merging request options and improving IP format normalization
* Fix: update comments for clarity and enhance IP normalization in SSRF protection
* enhance SSRF protection by validating URL and applying protection options in GraphqlQueryService
* enhance SSRF protection with detailed validation for redirects and URL schemes
import { QueryError, OAuthUnauthorizedClientError } from './query.error';
import { QueryResult } from './query_result.type';
import { User } from './user.type';
import { App } from './app.type';
import { QueryService } from './query_service.interface';
import {
isEmpty,
cacheConnection,
cacheConnectionWithConfiguration,
generateSourceOptionsHash,
getCachedConnection,
parseJson,
cleanSensitiveData,
redactHeaders,
getCurrentToken,
sanitizeHeaders,
sanitizeCookies,
cookiesToString,
sanitizeSearchParams,
fetchHttpsCertsForCustomCA,
sanitizeSortPairs,
getTooljetEdition,
} from './utils.helper';
import { ConnectionTestResult } from './connection_test_result.type';
import {
getRefreshedToken,
getAuthUrl,
sanitizeParams,
checkIfContentTypeIsURLenc,
checkIfContentTypeIsMultipartFormData,
checkIfContentTypeIsJson,
validateAndSetRequestOptionsBasedOnAuthType,
} from './oauth';
import {
validateUrlForSSRF,
validateUrlForSSRFSync,
isPrivateIP,
getSSRFConfig,
getSSRFProtectionOptions,
} from './ssrf-protection';
// Public surface of this index module: each name imported at the top of the
// file is re-exported here unchanged, grouped by the module it comes from.
export {
  // ./query.error
  QueryError,
  OAuthUnauthorizedClientError,

  // Single-export modules: ./query_result.type, ./user.type, ./app.type,
  // ./query_service.interface, ./connection_test_result.type
  QueryResult,
  User,
  App,
  QueryService,
  ConnectionTestResult,

  // ./utils.helper
  // NOTE(review): the sanitize*/redact*/cleanSensitiveData names suggest
  // scrubbing of request data; what they actually strip is defined in
  // ./utils.helper and is not visible here. Confirm before relying on them.
  isEmpty,
  cacheConnection,
  cacheConnectionWithConfiguration,
  generateSourceOptionsHash,
  getCachedConnection,
  parseJson,
  cleanSensitiveData,
  redactHeaders,
  getCurrentToken,
  sanitizeHeaders,
  sanitizeCookies,
  cookiesToString,
  sanitizeSearchParams,
  fetchHttpsCertsForCustomCA,
  sanitizeSortPairs,
  getTooljetEdition,

  // ./oauth
  getRefreshedToken,
  getAuthUrl,
  sanitizeParams,
  checkIfContentTypeIsURLenc,
  checkIfContentTypeIsMultipartFormData,
  checkIfContentTypeIsJson,
  validateAndSetRequestOptionsBasedOnAuthType,

  // ./ssrf-protection
  // NOTE(review): exporting these helpers does not apply them to any request
  // path. Each consumer that sends requests to user-supplied URLs has to call
  // them itself, so verify that at the call sites. The checks themselves live
  // in ./ssrf-protection and are not shown in this file.
  validateUrlForSSRF,
  validateUrlForSSRFSync,
  isPrivateIP,
  getSSRFConfig,
  getSSRFProtectionOptions,
};