fix(security): validate Origin header on WebSocket /run_live endpoint#4948
Open
luskabolas wants to merge 2 commits intogoogle:mainfrom
Open
fix(security): validate Origin header on WebSocket /run_live endpoint#4948luskabolas wants to merge 2 commits intogoogle:mainfrom
luskabolas wants to merge 2 commits intogoogle:mainfrom
Conversation
The /run_live WebSocket endpoint does not validate the Origin header, allowing a malicious webpage to establish cross-origin WebSocket connections to the local dev server. Combined with the ability to upload agent files via /builder/save (which uses simple POST requests that bypass CORS preflight), this enables a CSRF-to-RCE attack chain where an attacker's page can upload a malicious agent and trigger its execution via WebSocket. Add server-side Origin validation on the /run_live WebSocket handler. The allowed origins are derived from the server's host/port and any user-provided --allow_origins values. This prevents cross-origin WebSocket hijacking while preserving legitimate same-origin access.
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
Collaborator
|
Response from ADK Triaging Agent Hello @luskabolas, thank you for your contribution! Before we can merge this PR, you'll need to sign a Contributor License Agreement (CLA). You can find more information in the "cla/google" check at the bottom of the pull request page. Thanks! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #4947
Summary
/run_liveWebSocket endpoint does not validate theOriginheader, allowing cross-origin WebSocket connections from any webpage/builder/save(CORS-exempt simple POST) and trigger its execution through the WebSocket, achieving remote code executionhost/portand any user-provided--allow_originsvaluesTest plan
test_ws_rejects_cross_origin— foreign origin is closed with code 1008test_ws_allows_same_origin— server's own origin is not rejected