Skip to content

fix(connectors): allow self-hosted private DB hosts via opt-in flag#5322

Merged
waleedlatif1 merged 3 commits into
stagingfrom
worktree-postgres-host-ssrf-selfhost
Jul 1, 2026
Merged

fix(connectors): allow self-hosted private DB hosts via opt-in flag#5322
waleedlatif1 merged 3 commits into
stagingfrom
worktree-postgres-host-ssrf-selfhost

Conversation

@waleedlatif1

Copy link
Copy Markdown
Collaborator

Summary

  • Database/connector tools (PostgreSQL, MySQL, MongoDB, Redis, SSH, SFTP, SMTP, IMAP, Neo4j, ClickHouse) all route through validateDatabaseHost, which unconditionally rejected any host resolving to a private/reserved/loopback IP. This blocks the common self-hosted topology where the DB is reached by a Docker/K8s/Swarm service name (e.g. db → internal IP). Reported in [BUG] "PostgreSQL query failed: host resolves to a blocked IP address" #4319.
  • Added opt-in ALLOW_PRIVATE_DATABASE_HOSTS env flag. When set on a self-hosted deployment, validateDatabaseHost bypasses the private/reserved/loopback block but still resolves and pins DNS (DNS-rebind protection preserved).
  • Flag is hard-blocked on the hosted platform (&& !isHosted) regardless of the env var, and logs a warn/error on startup — same shape as DISABLE_AUTH.
  • Default behavior is unchanged when the flag is unset. One shared fix covers all 10 connectors.
  • Documented in .env.example; added 9 regression tests (hosted-blocked, self-host default-blocked, self-host opt-in allowed, IP pinning, unresolvable host).

Type of Change

  • Bug fix

Testing

Tested manually — input-validation suite passes (435 tests), tsc and biome clean.

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

Database/connector tools rejected any host resolving to a private/reserved/
loopback IP, blocking the common self-hosted topology where the DB is reached
by a Docker/K8s/Swarm service name. Add an opt-in ALLOW_PRIVATE_DATABASE_HOSTS
flag that bypasses the private-host block in validateDatabaseHost while still
resolving and pinning DNS. Blocked on the hosted platform regardless of the env
var, mirroring DISABLE_AUTH.

Fixes #4319
@vercel

vercel Bot commented Jul 1, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
docs Skipped Skipped Jul 1, 2026 6:13pm

Request Review

@cursor

cursor Bot commented Jul 1, 2026

Copy link
Copy Markdown

PR Summary

Medium Risk
Loosens the SSRF guard for connector database hosts when operators opt in; mitigations include hosted hard-block, unchanged default, and continued DNS resolution/IP pinning.

Overview
Adds self-hosted opt-in ALLOW_PRIVATE_DATABASE_HOSTS so database/connector tools can reach private, loopback, and internal DNS names (e.g. Docker/K8s db services) while hosted deployments ignore the flag (same pattern as DISABLE_AUTH), with startup warn/error logging.

validateDatabaseHost now skips the private/reserved/loopback rejection when that flag is active, but still resolves DNS and returns resolvedIP for pinning; bracketed IPv6 hosts like [::1] are normalized before checks.

PostgreSQL createPostgresConnection always connects to the validated IP for every SSL mode (removes the ssl=preferred path that passed the hostname and could re-resolve), while keeping the original hostname for TLS servername.

Documented in .env.example, wired through env schema/flags, and covered by validateDatabaseHost and PostgreSQL DNS-pinning tests.

Reviewed by Cursor Bugbot for commit 0eeff7a. Configure here.

@greptile-apps

greptile-apps Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR adds an opt-in path for self-hosted deployments to connect database tools to private hosts.

  • Adds ALLOW_PRIVATE_DATABASE_HOSTS as a self-host-only environment flag.
  • Keeps hosted deployments blocked even when the flag is set.
  • Updates database host validation to allow private, reserved, and loopback hosts only under the opt-in.
  • Preserves DNS resolution so connectors can pin the resolved address.
  • Fixes PostgreSQL to always connect to the validated pinned IP.
  • Adds tests for host blocking, opt-in behavior, IPv6 brackets, unresolvable hosts, and PostgreSQL pinning.

Confidence Score: 5/5

This looks safe to merge.

  • No blocking issues found in the changed code.
  • PostgreSQL now uses the validated IP for the connection target.
  • Bracketed IPv6 hosts are canonicalized before validation and lookup.
  • The private-host flag stays disabled by default and ignored on hosted deployments.

Important Files Changed

Filename Overview
apps/sim/lib/core/security/input-validation.server.ts Updates database host validation to canonicalize bracketed IPv6 and gate private host access behind the self-host flag.
apps/sim/app/api/tools/postgresql/utils.ts Pins PostgreSQL connections to the validated resolved IP across SSL modes.
apps/sim/lib/core/config/env-flags.ts Adds the private database host flag with hosted deployment blocking and startup logging.
apps/sim/lib/core/config/env.ts Declares the optional private database host environment variable.
apps/sim/lib/core/security/input-validation.test.ts Adds tests for default blocking, self-host opt-in behavior, IPv6 brackets, and unresolved hosts.
apps/sim/app/api/tools/postgresql/utils.test.ts Adds tests that PostgreSQL validation failure prevents connection and successful paths use the resolved IP.
packages/testing/src/mocks/env-flags.mock.ts Adds the new flag to the shared test mock with a safe default.
apps/sim/.env.example Documents the self-hosted private database host opt-in flag.

Reviews (3): Last reviewed commit: "fix(connectors): rename flag to isPrivat..." | Re-trigger Greptile

Comment thread apps/sim/lib/core/security/input-validation.server.ts Outdated
Comment thread apps/sim/lib/core/security/input-validation.server.ts Outdated
Address review on #5322:
- validateDatabaseHost now strips surrounding IPv6 brackets before the
  localhost/private-IP checks and DNS lookup, so a bracketed loopback like
  [::1] is classified correctly instead of failing as unresolvable.
- PostgreSQL connector always connects to the validated, pinned IP (removed
  the ssl='preferred' carve-out that passed the original hostname and let the
  driver re-resolve during connection). Matches the MySQL/MongoDB pin pattern.
- Add postgres connector pinning tests and bracketed-IPv6 host tests.
@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@greptile

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@cursor review

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit 90f6e6f. Configure here.

…omment

- Rename env-flag const to satisfy the env-flags 'is' prefix CI check
  (env var ALLOW_PRIVATE_DATABASE_HOSTS is unchanged).
- Tighten the postgres pinning comment to a single line.
@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@greptile

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@cursor review

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit 0eeff7a. Configure here.

@waleedlatif1 waleedlatif1 merged commit af87de0 into staging Jul 1, 2026
12 checks passed
@waleedlatif1 waleedlatif1 deleted the worktree-postgres-host-ssrf-selfhost branch July 1, 2026 18:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant