[codex] Reject unsupported remote pairing protocols #3498
Co-authored-by: Codex <codex@openai.com>
…mote-pairing-protocols [codex] Reject unsupported remote pairing protocols
Effect Service Conventions
1 finding. See the inline comment on packages/shared/src/remote.ts.
Posted via Macroscope.
Approvability verdict: Approved. This PR adds input validation to reject unsupported URL protocols (e.g., ftp:) for remote pairing, which is a security-hardening change with clear intent, limited scope, and comprehensive test coverage.
Co-authored-by: Codex <codex@openai.com>
Dismissing prior approval to re-evaluate 43dca40
Summary
http:, https:, ws:, and wss: while preserving bare-host https:// defaults.
Root cause
Remote pairing URL parsing accepted any syntactically valid URL protocol. Unsupported schemes such as ftp: could pass through direct pairing resolution or normalized backend host resolution and produce backend base URLs that the app cannot use.
Impact
Invalid remote pairing targets now fail early with the existing structured errors. Direct unsupported pairing URLs throw RemotePairingUrlInvalidError; unsupported hosted or direct backend host inputs throw RemoteBackendUrlInvalidError with their existing source metadata preserved.
Validation
PATH="$HOME/.vite-plus/bin:$PATH" vp test packages/shared/src/remote.test.ts
passed: 1 file passed, 10 tests passed
PATH="$HOME/.vite-plus/bin:$PATH" vp check
passed: 0 errors; 20 existing unrelated warnings
PATH="$HOME/.vite-plus/bin:$PATH" vp run typecheck
passed: completed successfully
Note
Low Risk
Input validation only in shared pairing URL parsing; behavior tightens for invalid schemes without changing auth or connection logic for supported protocols.
Overview
Remote pairing resolution no longer accepts arbitrary URL schemes that parse successfully but cannot be used as HTTP/WebSocket backends.
resolveRemotePairingTarget and normalizeRemoteBaseUrl now allow only http:, https:, ws:, and wss: (bare hosts still default to https://). Unsupported schemes such as ftp: fail early with the existing RemotePairingUrlInvalidError or RemoteBackendUrlInvalidError, optionally carrying a protocol field; parse failures still attach a cause as before. Tests cover unsupported protocols on direct pairing URLs, hosted pairing host parameters, and direct host inputs.
Reviewed by Cursor Bugbot for commit 43dca40.
Note
Reject unsupported protocols in remote pairing and backend URL validation
SUPPORTED_REMOTE_BACKEND_PROTOCOLS (http:, https:, ws:, wss:) as the allowlist for remote backend URLs in remote.ts.
normalizeRemoteBaseUrl now throws RemoteBackendUrlInvalidError (with protocol, no cause) when the parsed URL has an unsupported protocol.
resolveRemotePairingTarget now throws RemotePairingUrlInvalidError (with protocol, no cause) for unsupported pairing URL protocols; hosted pairing links with an unsupported backend host protocol surface as RemoteBackendUrlInvalidError with source: 'hosted-pairing-host'.
cause is now optional on both error classes, and both gain an optional protocol field.
ftp: now throw structured errors instead of being accepted or failing with a generic parse error.
Macroscope summarized 43dca40.