typebot.io/packages/variables/src
Baptiste Arnaud b25c41b02b
🐛 Fix SSRF bypass via DNS rebinding in HTTP request and script fetch flows (#2461)
- Add `createSafeDispatcher` with a `validatingLookup` that checks
resolved IPs at TCP connection time, preventing DNS rebinding TOCTOU
attacks (GHSA-hgqq-whf5-mrrf)
- Pass the safe undici dispatcher in `safeFetchWithoutChunkedEncoding`
(`ky.ts`) and in the isolated VM fetch wrapper (`executeFunction.ts`)
- Export `parseIPAddress`, `validateIPAddress` and `ParsedIP` from
`validateHttpReqUrl.ts` for reuse in the dispatcher
- Add unit tests for `validatingLookup` and E2E test bot/spec for SSRF
scenarios
- Add `@types/bun` to `packages/lib` tsconfig

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 09:28:06 +00:00
codeRunners.ts 🐛 Release ExternalCopy handles to prevent native memory leak (#2411) 2026-03-17 13:34:33 +00:00
deepParseVariables.ts 🔧 Enable PR1 Biome rules and prefer implicit undefined returns 2026-03-13 11:27:15 +01:00
evaluateSetVariableExpression.ts 🐛 Fix script args validation when variables have non-numeric values 2026-03-13 15:37:36 +01:00
executeFunction.ts 🐛 Fix SSRF bypass via DNS rebinding in HTTP request and script fetch flows (#2461) 2026-04-15 09:28:06 +00:00
extractVariablesFromObject.ts 🐛 Fix copy/paste not pasting variable ids in block items 2025-04-17 12:32:06 +02:00
extractVariablesFromText.ts 🔧 Remove noAccumulatingSpread off rule (#2390) 2026-02-12 14:27:28 +00:00
filterVariablesWithValues.ts ♻️ Use bun, biome, better ts config, new license and remove all barrel files (#1801) 2024-09-25 14:50:13 +02:00
findUniqueVariable.ts Add Cards Input 2025-03-10 16:05:10 +01:00
hasVariable.ts ♻️ Use bun, biome, better ts config, new license and remove all barrel files (#1801) 2024-09-25 14:50:13 +02:00
injectVariableValues.ts 🐛 Make sure prefilled variables are taken into account for transcript compute 2025-08-28 12:19:32 +02:00
isSingleVariable.ts Add Cards Input 2025-03-10 16:05:10 +01:00
parseGuessedTypeFromString.ts 🔧 Enable PR1 Biome rules and prefer implicit undefined returns 2026-03-13 11:27:15 +01:00
parseGuessedValueType.ts 🐛 Fix script args validation when variables have non-numeric values 2026-03-13 15:37:36 +01:00
parseVariableNumber.ts 🔧 Enable PR1 Biome rules and prefer implicit undefined returns 2026-03-13 11:27:15 +01:00
parseVariables.ts 🔧 Enable PR2 Biome rules and mechanical autofixes 2026-03-13 11:46:28 +01:00
schemas.ts ♻️ Upgrade to Zod v4 (#2355) 2026-01-19 10:51:20 +01:00
transformPrefilledVariablesToVariables.ts 🐛 Make sure prefilled variables are taken into account for transcript compute 2025-08-28 12:19:32 +02:00
transformVariablesToList.ts 🔧 Remove noAccumulatingSpread off rule (#2390) 2026-02-12 14:27:28 +00:00
types.ts 🐛 Preprocess number or variable type to avoid unwanted validation crash 2025-02-19 18:38:08 +01:00