fix: prevent SSRF attack via custom base URL (GHSA-9qf7-mprq-9qgm)

Require API key when custom base URL is provided to prevent attackers from redirecting server API keys to malicious endpoints. CVSS: 9.3 (Critical)
2026-01-02 14:22:28 +08:00 · 2025-12-15 15:02:18 +09:00
parent f175276872
commit 44840d27b3
2 changed files with 11 additions and 1 deletions
--- a/lib/ai-providers.ts
+++ b/lib/ai-providers.ts
@@ -438,6 +438,16 @@ function validateProviderCredentials(provider: ProviderName): void {
 * - SILICONFLOW_BASE_URL: SiliconFlow endpoint (optional, defaults to https://api.siliconflow.com/v1)
 */
 export function getAIModel(overrides?: ClientOverrides): ModelConfig {
+    // SECURITY: Prevent SSRF attacks (GHSA-9qf7-mprq-9qgm)
+    // If a custom baseUrl is provided, an API key MUST also be provided.
+    // This prevents attackers from redirecting server API keys to malicious endpoints.
+    if (overrides?.baseUrl && !overrides?.apiKey) {
+        throw new Error(
+            `API key is required when using a custom base URL. ` +
+                `Please provide your own API key in Settings.`,
+        )
+    }
+
    // Check if client is providing their own provider override
    const isClientOverride = !!(overrides?.provider && overrides?.apiKey)