fix(security): add Azure metadata endpoint to SSRF blocklist

Add metadata.azure.internal to BLOCKED_METADATA_HOSTS alongside the existing AWS/GCP endpoints. Closes the coverage gap identified in #125. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-22 09:57:22 -07:00 · 2026-03-22 09:57:22 -07:00 · faaf998c7b
parent 24b7e11050
commit faaf998c7b
2 changed files with 5 additions and 0 deletions
--- a/browse/src/url-validation.ts
+++ b/browse/src/url-validation.ts
@ -7,6 +7,7 @@ const BLOCKED_METADATA_HOSTS = new Set([
  '169.254.169.254',  // AWS/GCP/Azure instance metadata
  'fd00::',           // IPv6 unique local (metadata in some cloud setups)
  'metadata.google.internal', // GCP metadata
+  'metadata.azure.internal',  // Azure IMDS
 ]);

 /**
--- a/browse/test/url-validation.test.ts
+++ b/browse/test/url-validation.test.ts
@ -42,6 +42,10 @@ describe('validateNavigationUrl', () => {
    expect(() => validateNavigationUrl('http://metadata.google.internal/computeMetadata/v1/')).toThrow(/cloud metadata/i);
  });

+  it('blocks Azure metadata hostname', () => {
+    expect(() => validateNavigationUrl('http://metadata.azure.internal/metadata/instance')).toThrow(/cloud metadata/i);
+  });
+
  it('blocks metadata hostname with trailing dot', () => {
    expect(() => validateNavigationUrl('http://metadata.google.internal./computeMetadata/v1/')).toThrow(/cloud metadata/i);
  });