fix(security): add SSRF protection to database tools and webhook delivery #11280
waleedlatif1ci.yml
on: pull_request
Detect Version
0s
Test and Build
/
Test and Build
58s
Check Docs Changes
0s
Matrix: Build AMD64
Matrix: Build ARM64 (GHCR Only)
Process Docs
/
Process Documentation Embeddings
Matrix: Create GHCR Manifests
Create GitHub Release
0s
Annotations
8 errors and 6 warnings
|
Test and Build / Test and Build
Process completed with exit code 1.
|
|
Test and Build / Test and Build
sim#test: command (/home/runner/_work/sim/sim/apps/sim) /home/runner/.bun/bin/bun run test exited (1)
|
|
app/api/form/utils.test.ts > Form API Utils > CORS handling > should not set CORS headers for disallowed origins:
apps/sim/app/api/form/utils.test.ts#L176
AssertionError: expected "spy" to not be called at all, but actually been called 4 times
Received:
1st spy call:
Array [
"Access-Control-Allow-Origin",
"https://evil.com",
]
2nd spy call:
Array [
"Access-Control-Allow-Credentials",
"true",
]
3rd spy call:
Array [
"Access-Control-Allow-Methods",
"GET, POST, OPTIONS",
]
4th spy call:
Array [
"Access-Control-Allow-Headers",
"Content-Type, X-Requested-With",
]
Number of calls: 4
❯ app/api/form/utils.test.ts:176:44
|
|
lib/mcp/utils.test.ts > categorizeError > returns 500 for generic errors:
apps/sim/lib/mcp/utils.test.ts#L291
AssertionError: expected 'Internal server error' to be 'Something went wrong' // Object.is equality
Expected: "Something went wrong"
Received: "Internal server error"
❯ lib/mcp/utils.test.ts:291:28
|
|
lib/mcp/utils.test.ts > categorizeError > returns 400 for validation errors:
apps/sim/lib/mcp/utils.test.ts#L284
AssertionError: expected 'Invalid request parameters' to be 'Validation failed for input' // Object.is equality
Expected: "Validation failed for input"
Received: "Invalid request parameters"
❯ lib/mcp/utils.test.ts:284:28
|
|
lib/mcp/utils.test.ts > categorizeError > returns 400 for missing required errors:
apps/sim/lib/mcp/utils.test.ts#L277
AssertionError: expected 'Invalid request parameters' to be 'Missing required field: name' // Object.is equality
Expected: "Missing required field: name"
Received: "Invalid request parameters"
❯ lib/mcp/utils.test.ts:277:28
|
|
lib/mcp/utils.test.ts > categorizeError > returns 400 for invalid input errors:
apps/sim/lib/mcp/utils.test.ts#L270
AssertionError: expected 'Invalid request parameters' to be 'Invalid parameter provided' // Object.is equality
Expected: "Invalid parameter provided"
Received: "Invalid request parameters"
❯ lib/mcp/utils.test.ts:270:28
|
|
lib/mcp/utils.test.ts > categorizeError > returns 404 for not accessible errors:
apps/sim/lib/mcp/utils.test.ts#L249
AssertionError: expected 'Resource not found' to be 'Server not accessible' // Object.is equality
Expected: "Server not accessible"
Received: "Resource not found"
❯ lib/mcp/utils.test.ts:249:28
|
|
Test and Build / Test and Build
Skipping sticky disk commit due to previous step failures
|
|
Test and Build / Test and Build
- Step: unknown (failed)
|
|
Test and Build / Test and Build
Found 2 failed/cancelled steps in previous workflow steps
|
|
Test and Build / Test and Build
Skipping sticky disk commit due to previous step failures
|
|
Test and Build / Test and Build
- Step: unknown (failed)
|
|
Test and Build / Test and Build
Found 2 failed/cancelled steps in previous workflow steps
|