mirror of
https://github.com/InvoiceShelf/InvoiceShelf.git
synced 2026-07-17 14:25:21 +00:00
The AI chat assistant scoped tool queries by company but ignored the per-user Bouncer abilities the rest of the app enforces, so any `use ai` holder could read customers, invoices, payments, and company financials their role couldn't otherwise see. Each AiTool now declares a required ability (entity-aligned); the registry hides unauthorized tools from the model and refuses to execute them as a backstop. Separately, admin/owner-supplied URLs were fetched server-side with no guard against private/reserved targets (SSRF): the AI base URL, the CurrencyConverter "DEDICATED" exchange-rate URL, and S3/Spaces file-disk endpoints. A shared PrivateNetworkGuard now backs a PublicHttpUrl validation rule (save-time) and runtime guards in each driver. - AiTool::requiredAbility() + mapping across all 12 tools - AiToolRegistry filters schemas() by ability and re-checks in execute() - PrivateNetworkGuard / BlockedUrlException / PublicHttpUrl rule (new) - Rule wired into AI config (service + 3 controllers), exchange-rate, and file-disk endpoints; runtime guards in OpenRouterDriver, CurrencyConverterDriver, and FileDiskService - Tests for ability filtering, the guard, the rule, and 422 rejections
40 lines
1.1 KiB
PHP
40 lines
1.1 KiB
PHP
<?php
|
|
|
|
use App\Rules\PublicHttpUrl;
|
|
use Illuminate\Support\Facades\Validator;
|
|
|
|
test('passes for public URLs', function (string $url) {
|
|
$validator = Validator::make(
|
|
['base_url' => $url],
|
|
['base_url' => [new PublicHttpUrl]]
|
|
);
|
|
|
|
expect($validator->passes())->toBeTrue();
|
|
})->with([
|
|
'https literal' => 'https://1.1.1.1/api/v1',
|
|
'unresolvable host fails open' => 'https://surely-not-a-real-host.invalid/api',
|
|
]);
|
|
|
|
test('fails for private or reserved URLs', function (string $url) {
|
|
$validator = Validator::make(
|
|
['base_url' => $url],
|
|
['base_url' => [new PublicHttpUrl]]
|
|
);
|
|
|
|
expect($validator->passes())->toBeFalse();
|
|
})->with([
|
|
'cloud metadata' => 'http://169.254.169.254/latest/meta-data/',
|
|
'loopback' => 'http://127.0.0.1:11434',
|
|
'rfc1918' => 'http://10.0.0.5',
|
|
'localhost' => 'http://localhost',
|
|
]);
|
|
|
|
test('passes for empty values so it composes with nullable', function () {
|
|
$validator = Validator::make(
|
|
['base_url' => ''],
|
|
['base_url' => ['nullable', new PublicHttpUrl]]
|
|
);
|
|
|
|
expect($validator->passes())->toBeTrue();
|
|
});
|