* Enforces the SSRF policy for a resolved Connect server IP. * * On the hosted service, all private and reserved IPs are blocked — a tenant has * no legitimate reason to point Connect at the platform's internal network. On * self-hosted deployments only link-local (cloud metadata) is blocked, si
(ip: string, hostname: string)
| 261 | * @throws Error if the IP is not permitted under the active policy. |
| 262 | */ |
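function assertConnectIpAllowed(ip: string, hostname: string): void {
  // Hosted policy: reject every private or reserved address. Classification is
  // delegated to isPrivateOrReservedIP, which is defined outside this block.
  if (isHosted) {
    if (isPrivateOrReservedIP(ip)) {
      connectLogger.warn('1Password Connect server URL resolves to a private or reserved IP', {
        hostname,
        resolvedIP: ip,
      })
      throw new Error('1Password server URL cannot point to a private or reserved IP address')
    }
    return
  }

  // Self-hosted policy. Fail closed: a value that does not parse as an IP cannot
  // be classified, so it is rejected instead of passing the guard unchecked.
  if (!ipaddr.isValid(ip)) {
    connectLogger.warn('1Password Connect server URL resolved to an unparseable IP', {
      hostname,
      resolvedIP: ip,
    })
    throw new Error('1Password server URL did not resolve to a valid IP address')
  }

  // ipaddr.process() converts IPv4-mapped IPv6 addresses to IPv4 before range()
  // runs, so the mapped form of a 169.254.0.0/16 address is rejected as well.
  // NOTE(review): only the link-local ranges are covered here. Metadata
  // endpoints outside them (for example AWS's IPv6 IMDS address fd00:ec2::254,
  // which is unique-local) still pass on self-hosted deployments; confirm that
  // matches the intended threat model.
  // NOTE(review): this check only holds if the later request connects to this
  // same resolved IP instead of re-resolving the hostname; verify at the caller.
  if (ipaddr.process(ip).range() === 'linkLocal') {
    connectLogger.warn('1Password Connect server URL resolves to a link-local IP', {
      hostname,
      resolvedIP: ip,
    })
    throw new Error('1Password server URL cannot point to a link-local address')
  }
}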
| 283 | |
| 284 | /** |
| 285 | * Validates a Connect server URL against the SSRF policy and returns the resolved |