fix(core): block link-local metadata range

2026-03-18 19:18:48 +00:00 · 2026-03-17 16:58:11 -04:00
parent e78fb12d68
commit c14cd96362
2 changed files with 23 additions and 1 deletions
--- a/libs/core/langchain_core/_security/_ssrf_protection.py
+++ b/libs/core/langchain_core/_security/_ssrf_protection.py
@@ -49,10 +49,18 @@ PRIVATE_IP_RANGES = [
 ]

 # Cloud provider metadata endpoints
+CLOUD_METADATA_RANGES = [
+    ipaddress.ip_network("169.254.0.0/16"),  # IPv4 link-local (used by metadata services)
+]
+
 CLOUD_METADATA_IPS = [
    "169.254.169.254",  # AWS, GCP, Azure, DigitalOcean, Oracle Cloud
    "169.254.170.2",  # AWS ECS task metadata
+    "169.254.170.23",  # AWS EKS Pod Identity Agent
    "100.100.100.200",  # Alibaba Cloud metadata
+    "fd00:ec2::254",  # AWS EC2 IMDSv2 over IPv6 (Nitro instances)
+    "fd00:ec2::23",  # AWS EKS Pod Identity Agent (IPv6)
+    "fe80::a9fe:a9fe",  # OpenStack Nova metadata (IPv6 link-local equiv of 169.254.169.254)
 ]

 CLOUD_METADATA_HOSTNAMES = [
@@ -116,7 +124,12 @@ def is_cloud_metadata(hostname: str, ip_str: str | None = None) -> bool:
    # Check IP
    if ip_str:
        try:
-            if _normalize_ip(ip_str) in CLOUD_METADATA_IPS:
+            normalized_ip = _normalize_ip(ip_str)
+            if normalized_ip in CLOUD_METADATA_IPS:
+                return True
+
+            ip = ipaddress.ip_address(normalized_ip)
+            if any(ip in range_ for range_ in CLOUD_METADATA_RANGES):
                return True
        except ValueError:
            pass
--- a/libs/core/tests/unit_tests/test_ssrf_protection.py
+++ b/libs/core/tests/unit_tests/test_ssrf_protection.py
@@ -50,7 +50,16 @@ class TestIPValidation:
        """Test cloud metadata IP detection."""
        assert is_cloud_metadata("example.com", "169.254.169.254") is True
        assert is_cloud_metadata("example.com", "169.254.170.2") is True
+        assert is_cloud_metadata("example.com", "169.254.170.23") is True
        assert is_cloud_metadata("example.com", "100.100.100.200") is True
+        assert is_cloud_metadata("example.com", "fd00:ec2::254") is True
+        assert is_cloud_metadata("example.com", "fd00:ec2::23") is True
+        assert is_cloud_metadata("example.com", "fe80::a9fe:a9fe") is True
+
+    def test_is_cloud_metadata_link_local_range(self) -> None:
+        """Test that IPv4 link-local is flagged as cloud metadata."""
+        assert is_cloud_metadata("example.com", "169.254.1.2") is True
+        assert is_cloud_metadata("example.com", "169.254.255.254") is True

    def test_is_cloud_metadata_hostnames(self) -> None:
        """Test cloud metadata hostname detection."""