fix(security): enforce URL validation across connectors, providers, auth

- Azure OpenAI/Anthropic: validate user-supplied azureEndpoint with validateUrlWithDNS to block SSRF to private IPs, localhost (in hosted mode), and dangerous ports.
- ServiceNow connector: enforce ServiceNow domain allowlist via validateServiceNowInstanceUrl before calling the instance URL.
- Obsidian connector: validate vaultUrl with validateUrlWithDNS and reuse the resolved IP via secureFetchWithPinnedIPAndRetry to block DNS rebinding between validation and request.
- Signup + verify flows: pass redirect/callbackUrl/redirectAfter and stored inviteRedirectUrl through validateCallbackUrl; drop unsafe values and log a warning.
- lib/knowledge/documents/utils.ts: add secureFetchWithPinnedIPAndRetry wrapper around secureFetchWithPinnedIP (used by Obsidian).

Author: waleedlatif1

apps/sim/app/(auth)/signup/signup-form.tsx

@@ -10,6 +10,7 @@ import { usePostHog } from 'posthog-js/react'
 import { Input, Label } from '@/components/emcn'
 import { client, useSession } from '@/lib/auth/auth-client'
 import { getEnv, isFalsy, isTruthy } from '@/lib/core/config/env'
+import { validateCallbackUrl } from '@/lib/core/security/input-validation'
 import { cn } from '@/lib/core/utils/cn'
 import { quickValidateEmail } from '@/lib/messaging/email/validation'
 import { captureClientEvent, captureEvent } from '@/lib/posthog/client'
@@ -102,10 +103,14 @@ function SignupFormContent({ githubAvailable, googleAvailable, isProduction }: S
   useEffect(() => {
     setTurnstileSiteKey(getEnv('NEXT_PUBLIC_TURNSTILE_SITE_KEY'))
   }, [])
-  const redirectUrl = useMemo(
-    () => searchParams.get('redirect') || searchParams.get('callbackUrl') || '',
-    [searchParams]
-  )
+  const rawRedirectUrl = searchParams.get('redirect') || searchParams.get('callbackUrl') || ''
+  const isValidRedirectUrl = rawRedirectUrl ? validateCallbackUrl(rawRedirectUrl) : false
+  const invalidCallbackRef = useRef(false)
+  if (rawRedirectUrl && !isValidRedirectUrl && !invalidCallbackRef.current) {
+    invalidCallbackRef.current = true
+    logger.warn('Invalid callback URL detected and blocked:', { url: rawRedirectUrl })
+  }
+  const redirectUrl = isValidRedirectUrl ? rawRedirectUrl : ''
   const isInviteFlow = useMemo(
     () =>
       searchParams.get('invite_flow') === 'true' ||

apps/sim/app/(auth)/verify/use-verification.ts

@@ -4,6 +4,7 @@ import { useEffect, useState } from 'react'
 import { createLogger } from '@sim/logger'
 import { useRouter, useSearchParams } from 'next/navigation'
 import { client, useSession } from '@/lib/auth/auth-client'
+import { validateCallbackUrl } from '@/lib/core/security/input-validation'
 
 const logger = createLogger('useVerification')
 
@@ -55,8 +56,11 @@ export function useVerification({
       }
 
       const storedRedirectUrl = sessionStorage.getItem('inviteRedirectUrl')
-      if (storedRedirectUrl) {
+      if (storedRedirectUrl && validateCallbackUrl(storedRedirectUrl)) {
         setRedirectUrl(storedRedirectUrl)
+      } else if (storedRedirectUrl) {
+        logger.warn('Ignoring unsafe stored invite redirect URL', { url: storedRedirectUrl })
+        sessionStorage.removeItem('inviteRedirectUrl')
       }
 
       const storedIsInviteFlow = sessionStorage.getItem('isInviteFlow')
@@ -67,7 +71,11 @@ export function useVerification({
 
     const redirectParam = searchParams.get('redirectAfter')
     if (redirectParam) {
-      setRedirectUrl(redirectParam)
+      if (validateCallbackUrl(redirectParam)) {
+        setRedirectUrl(redirectParam)
+      } else {
+        logger.warn('Ignoring unsafe redirectAfter parameter', { url: redirectParam })
+      }
     }
 
     const inviteFlowParam = searchParams.get('invite_flow')

apps/sim/connectors/obsidian/obsidian.ts

@@ -1,13 +1,18 @@
 import { createLogger } from '@sim/logger'
 import { toError } from '@sim/utils/errors'
 import { ObsidianIcon } from '@/components/icons'
-import { fetchWithRetry, VALIDATE_RETRY_OPTIONS } from '@/lib/knowledge/documents/utils'
+import { validateUrlWithDNS } from '@/lib/core/security/input-validation.server'
+import {
+  secureFetchWithPinnedIPAndRetry,
+  VALIDATE_RETRY_OPTIONS,
+} from '@/lib/knowledge/documents/utils'
 import type { ConnectorConfig, ExternalDocument, ExternalDocumentList } from '@/connectors/types'
 import { joinTagArray, parseTagDate } from '@/connectors/utils'
 
 const logger = createLogger('ObsidianConnector')
 
 const DOCS_PER_PAGE = 50
+const DEFAULT_VAULT_URL = 'https://127.0.0.1:27124'
 
 interface NoteJson {
   content: string
@@ -22,10 +27,31 @@ interface NoteJson {
 }
 
 /**
- * Normalizes the vault URL by removing trailing slashes.
+ * Normalizes the vault URL and resolves its hostname to a concrete IP that
+ * will be pinned for the lifetime of this request sequence.
+ *
+ * The Obsidian Local REST API plugin runs on the user's own machine — there
+ * is no Obsidian SaaS domain we can allowlist. For hosted Sim deployments the
+ * user must expose the plugin through a public URL (tunnel, port-forward).
+ * Because the hostname is fully user-controlled, we resolve DNS once through
+ * validateUrlWithDNS (which blocks private IPs/localhost in hosted mode,
+ * allows localhost in self-hosted mode, and rejects dangerous ports) and
+ * then reuse that IP on every outgoing fetch via secureFetchWithPinnedIP —
+ * this prevents DNS rebinding attacks where a malicious nameserver would
+ * otherwise swap in a private IP between validation and the actual request.
  */
-function normalizeVaultUrl(url: string): string {
-  return url.trim().replace(/\/+$/, '')
+async function resolveVaultEndpoint(
+  rawUrl: string | undefined
+): Promise<{ baseUrl: string; resolvedIP: string }> {
+  let url = (rawUrl || DEFAULT_VAULT_URL).trim().replace(/\/+$/, '')
+  if (url && !url.startsWith('https://') && !url.startsWith('http://')) {
+    url = `https://${url}`
+  }
+  const validation = await validateUrlWithDNS(url, 'vaultUrl', { allowHttp: true })
+  if (!validation.isValid || !validation.resolvedIP) {
+    throw new Error(validation.error || 'Invalid vault URL')
+  }
+  return { baseUrl: url, resolvedIP: validation.resolvedIP }
 }
 
 /**
@@ -34,21 +60,24 @@ function normalizeVaultUrl(url: string): string {
  */
 async function listDirectory(
   baseUrl: string,
+  resolvedIP: string,
   accessToken: string,
   dirPath: string,
-  retryOptions?: Parameters<typeof fetchWithRetry>[2]
+  retryOptions?: Parameters<typeof secureFetchWithPinnedIPAndRetry>[3]
 ): Promise<string[]> {
   const encodedDir = dirPath ? dirPath.split('/').map(encodeURIComponent).join('/') : ''
   const endpoint = encodedDir ? `${baseUrl}/vault/${encodedDir}/` : `${baseUrl}/vault/`
 
-  const response = await fetchWithRetry(
+  const response = await secureFetchWithPinnedIPAndRetry(
     endpoint,
+    resolvedIP,
     {
       method: 'GET',
       headers: {
         Authorization: `Bearer ${accessToken}`,
         Accept: 'application/json',
       },
+      allowHttp: true,
     },
     retryOptions
   )
@@ -68,9 +97,10 @@ const MAX_RECURSION_DEPTH = 20
 
 async function listVaultFiles(
   baseUrl: string,
+  resolvedIP: string,
   accessToken: string,
   folderPath?: string,
-  retryOptions?: Parameters<typeof fetchWithRetry>[2],
+  retryOptions?: Parameters<typeof secureFetchWithPinnedIPAndRetry>[3],
   depth = 0
 ): Promise<string[]> {
   if (depth > MAX_RECURSION_DEPTH) {
@@ -79,7 +109,7 @@ async function listVaultFiles(
   }
 
   const rootPath = folderPath || ''
-  const entries = await listDirectory(baseUrl, accessToken, rootPath, retryOptions)
+  const entries = await listDirectory(baseUrl, resolvedIP, accessToken, rootPath, retryOptions)
 
   const mdFiles: string[] = []
   const subDirs: string[] = []
@@ -96,7 +126,14 @@ async function listVaultFiles(
 
   for (const dir of subDirs) {
     try {
-      const nested = await listVaultFiles(baseUrl, accessToken, dir, retryOptions, depth + 1)
+      const nested = await listVaultFiles(
+        baseUrl,
+        resolvedIP,
+        accessToken,
+        dir,
+        retryOptions,
+        depth + 1
+      )
       mdFiles.push(...nested)
     } catch (error) {
       logger.warn('Failed to list subdirectory', {
@@ -114,18 +151,21 @@ async function listVaultFiles(
  */
 async function fetchNote(
   baseUrl: string,
+  resolvedIP: string,
   accessToken: string,
   filePath: string,
-  retryOptions?: Parameters<typeof fetchWithRetry>[2]
+  retryOptions?: Parameters<typeof secureFetchWithPinnedIPAndRetry>[3]
 ): Promise<NoteJson> {
-  const response = await fetchWithRetry(
+  const response = await secureFetchWithPinnedIPAndRetry(
     `${baseUrl}/vault/${filePath.split('/').map(encodeURIComponent).join('/')}`,
+    resolvedIP,
     {
       method: 'GET',
       headers: {
         Authorization: `Bearer ${accessToken}`,
         Accept: 'application/vnd.olrapi.note+json',
       },
+      allowHttp: true,
     },
     retryOptions
   )
@@ -183,15 +223,13 @@ export const obsidianConnector: ConnectorConfig = {
     cursor?: string,
     syncContext?: Record<string, unknown>
   ): Promise<ExternalDocumentList> => {
-    const baseUrl = normalizeVaultUrl(
-      (sourceConfig.vaultUrl as string) || 'https://127.0.0.1:27124'
-    )
+    const { baseUrl, resolvedIP } = await resolveVaultEndpoint(sourceConfig.vaultUrl as string)
     const folderPath = (sourceConfig.folderPath as string) || ''
 
     let allFiles = syncContext?.allFiles as string[] | undefined
     if (!allFiles) {
       logger.info('Listing all vault files', { baseUrl, folderPath })
-      allFiles = await listVaultFiles(baseUrl, accessToken, folderPath || undefined)
+      allFiles = await listVaultFiles(baseUrl, resolvedIP, accessToken, folderPath || undefined)
       if (syncContext) {
         syncContext.allFiles = allFiles
       }
@@ -230,12 +268,10 @@ export const obsidianConnector: ConnectorConfig = {
     externalId: string,
     _syncContext?: Record<string, unknown>
   ): Promise<ExternalDocument | null> => {
-    const baseUrl = normalizeVaultUrl(
-      (sourceConfig.vaultUrl as string) || 'https://127.0.0.1:27124'
-    )
+    const { baseUrl, resolvedIP } = await resolveVaultEndpoint(sourceConfig.vaultUrl as string)
 
     try {
-      const note = await fetchNote(baseUrl, accessToken, externalId)
+      const note = await fetchNote(baseUrl, resolvedIP, accessToken, externalId)
       const content = note.content || ''
 
       return {
@@ -275,14 +311,24 @@ export const obsidianConnector: ConnectorConfig = {
       return { valid: false, error: 'Vault URL is required' }
     }
 
-    const baseUrl = normalizeVaultUrl(rawUrl)
+    let baseUrl: string
+    let resolvedIP: string
+    try {
+      const endpoint = await resolveVaultEndpoint(rawUrl)
+      baseUrl = endpoint.baseUrl
+      resolvedIP = endpoint.resolvedIP
+    } catch (error) {
+      return { valid: false, error: toError(error).message }
+    }
 
     try {
-      const response = await fetchWithRetry(
+      const response = await secureFetchWithPinnedIPAndRetry(
         `${baseUrl}/`,
+        resolvedIP,
         {
           method: 'GET',
           headers: { Authorization: `Bearer ${accessToken}` },
+          allowHttp: true,
         },
         VALIDATE_RETRY_OPTIONS
       )
@@ -302,6 +348,7 @@ export const obsidianConnector: ConnectorConfig = {
       if (folderPath.trim()) {
         const entries = await listDirectory(
           baseUrl,
+          resolvedIP,
           accessToken,
           folderPath.trim(),
           VALIDATE_RETRY_OPTIONS
@@ -313,8 +360,10 @@ export const obsidianConnector: ConnectorConfig = {
 
       return { valid: true }
     } catch (error) {
-      const message = error instanceof Error ? error.message : 'Failed to connect to Obsidian vault'
-      return { valid: false, error: message }
+      return {
+        valid: false,
+        error: toError(error).message || 'Failed to connect to Obsidian vault',
+      }
     }
   },
 

apps/sim/connectors/servicenow/servicenow.ts

@@ -1,6 +1,7 @@
 import { createLogger } from '@sim/logger'
 import { toError } from '@sim/utils/errors'
 import { ServiceNowIcon } from '@/components/icons'
+import { validateServiceNowInstanceUrl } from '@/lib/core/security/input-validation'
 import { fetchWithRetry, VALIDATE_RETRY_OPTIONS } from '@/lib/knowledge/documents/utils'
 import type { ConnectorConfig, ExternalDocument, ExternalDocumentList } from '@/connectors/types'
 import { htmlToPlainText, parseTagDate } from '@/connectors/utils'
@@ -45,15 +46,23 @@ interface Incident extends ServiceNowRecord {
 }
 
 /**
- * Normalizes the instance URL to ensure it has the correct format.
+ * Normalizes and validates the ServiceNow instance URL.
+ *
+ * Prepends https:// if the scheme is missing, strips trailing slashes, then
+ * enforces a ServiceNow-owned domain allowlist to prevent SSRF — the instance
+ * URL is user-controlled and was previously fetched server-side with no
+ * validation.
  */
-function normalizeInstanceUrl(instanceUrl: string): string {
-  let url = instanceUrl.trim()
-  url = url.replace(/\/+$/, '')
-  if (!url.startsWith('https://') && !url.startsWith('http://')) {
+function resolveServiceNowInstanceUrl(rawUrl: string): string {
+  let url = (rawUrl ?? '').trim().replace(/\/+$/, '')
+  if (url && !url.startsWith('https://') && !url.startsWith('http://')) {
     url = `https://${url}`
   }
-  return url
+  const validation = validateServiceNowInstanceUrl(url)
+  if (!validation.isValid) {
+    throw new Error(validation.error || 'Invalid instance URL')
+  }
+  return validation.sanitized ?? url
 }
 
 /**
@@ -430,7 +439,7 @@ export const servicenowConnector: ConnectorConfig = {
     cursor?: string,
     _syncContext?: Record<string, unknown>
   ): Promise<ExternalDocumentList> => {
-    const instanceUrl = normalizeInstanceUrl(sourceConfig.instanceUrl as string)
+    const instanceUrl = resolveServiceNowInstanceUrl(sourceConfig.instanceUrl as string)
     const contentType = (sourceConfig.contentType as string) || 'kb_knowledge'
     const maxItems = sourceConfig.maxItems ? Number(sourceConfig.maxItems) : DEFAULT_MAX_ITEMS
     const authHeader = buildAuthHeader(accessToken, sourceConfig)
@@ -504,7 +513,6 @@ export const servicenowConnector: ConnectorConfig = {
     sourceConfig: Record<string, unknown>,
     externalId: string
   ): Promise<ExternalDocument | null> => {
-    const instanceUrl = normalizeInstanceUrl(sourceConfig.instanceUrl as string)
     const contentType = (sourceConfig.contentType as string) || 'kb_knowledge'
     const authHeader = buildAuthHeader(accessToken, sourceConfig)
     const isKB = contentType === 'kb_knowledge'
@@ -514,6 +522,17 @@ export const servicenowConnector: ConnectorConfig = {
       ? 'sys_id,short_description,text,wiki,workflow_state,kb_category,kb_knowledge_base,number,author,sys_created_by,sys_updated_by,sys_updated_on,sys_created_on'
       : 'sys_id,number,short_description,description,state,priority,category,assigned_to,opened_by,close_notes,resolution_notes,sys_created_by,sys_updated_by,sys_updated_on,sys_created_on'
 
+    let instanceUrl: string
+    try {
+      instanceUrl = resolveServiceNowInstanceUrl(sourceConfig.instanceUrl as string)
+    } catch (error) {
+      logger.warn('Failed to validate ServiceNow instance URL', {
+        externalId,
+        error: toError(error).message,
+      })
+      return null
+    }
+
     try {
       const { result } = await serviceNowApiGet(instanceUrl, tableName, authHeader, {
         sysparm_query: `sys_id=${externalId}`,
@@ -568,7 +587,13 @@ export const servicenowConnector: ConnectorConfig = {
       return { valid: false, error: 'Max items must be a positive number' }
     }
 
-    const normalizedUrl = normalizeInstanceUrl(instanceUrl)
+    let normalizedUrl: string
+    try {
+      normalizedUrl = resolveServiceNowInstanceUrl(instanceUrl)
+    } catch (error) {
+      return { valid: false, error: toError(error).message }
+    }
+
     const authHeader = buildAuthHeader(accessToken, sourceConfig)
     const tableName = contentType === 'kb_knowledge' ? 'kb_knowledge' : 'incident'
 
@@ -585,8 +610,7 @@ export const servicenowConnector: ConnectorConfig = {
       )
       return { valid: true }
     } catch (error) {
-      const message = error instanceof Error ? error.message : 'Failed to connect to ServiceNow'
-      return { valid: false, error: message }
+      return { valid: false, error: toError(error).message || 'Failed to connect to ServiceNow' }
     }
   },