
feat: add host/IP allowlisting for git clone URLs (SSRF prevention) #221

@Aureliolo


Summary

Git clone tools validate URL schemes but do not filter by host/IP. The spec notes this as a future consideration to prevent SSRF against internal networks (loopback, link-local, private ranges).

Design Spec Reference

  • §11.1.1 Built-in git tools — Future note at end

Scope

  • Host/IP allowlisting/denylisting for GitCloneTool
  • Block loopback (127.0.0.0/8, ::1), link-local (169.254.0.0/16), private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) by default
  • Configurable allowlist for legitimate internal hosts
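
A sketch of the default-deny check the Scope list describes, added here as an example and not taken from the project's code. The names `check_clone_url`, `allow_hosts`, `sample_resolve` and the `SAMPLE_DNS` table are hypothetical, and the URL is assumed to have already passed the existing scheme validation.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Default deny ranges, copied from the issue's Scope list.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "::1/128", "169.254.0.0/16",
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed DNS answers so the example runs offline (hypothetical names).
SAMPLE_DNS = {
    "git.example.com": {"203.0.113.10"},
    "mixed.example.net": {"203.0.113.11", "10.1.2.3"},
    "git.corp.internal": {"10.20.0.5"},
}

def sample_resolve(host):
    return SAMPLE_DNS.get(host, set())

def system_resolve(host):
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_blocked(addr):
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so it is tested against the v4 ranges.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETS)

def check_clone_url(url, allow_hosts=frozenset(), resolve=system_resolve):
    """Return (allowed, reason) for a clone URL whose scheme was already validated."""
    host = urlsplit(url).hostname  # lowercased; IPv6 brackets stripped
    if not host:
        return False, "no host in URL"
    if host in allow_hosts:  # entries must be lowercase hostnames
        return True, "host is on the allowlist"
    try:
        addrs = {str(ipaddress.ip_address(host))}  # IP literal, no lookup
    except ValueError:
        try:
            addrs = resolve(host)
        except OSError:
            addrs = set()
    if not addrs:
        return False, "host did not resolve"  # fail closed
    bad = sorted(a for a in addrs if is_blocked(a))
    if bad:
        return False, f"{host} resolves to blocked address {bad[0]}"
    return True, "ok"
```

The check resolves the name separately from git, so the addresses git connects to at clone time can differ from the ones checked here.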


Labels

  • prio:medium (Should do, but not blocking)
  • scope:small (Less than 1 day of work)
  • spec:security (DESIGN_SPEC Section 12 - Security & Approval System)
  • spec:tools (DESIGN_SPEC Section 11 - Tool & Capability System)
  • type:feature (New feature implementation)
