fix(security): enforce URL validation across connectors, providers, and auth flows (SSRF + open-redirect hardening) (#4236)

* fix(workday): validate tenantUrl to prevent SSRF in SOAP client

* fix(workday): use validation.sanitized in buildWsdlUrl

* fix(security): enforce URL validation across connectors, providers, auth

- Azure OpenAI/Anthropic: validate user-supplied azureEndpoint with validateUrlWithDNS to block SSRF to private IPs, localhost (in hosted mode), and dangerous ports.
- ServiceNow connector: enforce ServiceNow domain allowlist via validateServiceNowInstanceUrl before calling the instance URL.
- Obsidian connector: validate vaultUrl with validateUrlWithDNS and reuse the resolved IP via secureFetchWithPinnedIPAndRetry to block DNS rebinding between validation and request.
- Signup + verify flows: pass redirect/callbackUrl/redirectAfter and stored inviteRedirectUrl through validateCallbackUrl; drop unsafe values and log a warning.
- lib/knowledge/documents/utils.ts: add secureFetchWithPinnedIPAndRetry wrapper around secureFetchWithPinnedIP (used by Obsidian).

* fix(obsidian): use isomorphic SSRF validation to unblock client build

The Obsidian connector is reachable from client bundles via `connectors/registry.ts` (the knowledge UI reads metadata like `.icon`/`.name`). Importing `validateUrlWithDNS` / `secureFetchWithPinnedIP` from `input-validation.server` pulled `dns/promises`, `http`, `https`, `net` into client chunks, breaking the Turbopack build:

  Module not found: Can't resolve 'dns/promises'
  ./apps/sim/lib/core/security/input-validation.server.ts [Client Component Browser]
  ./apps/sim/connectors/obsidian/obsidian.ts [Client Component Browser]
  ./apps/sim/connectors/registry.ts [Client Component Browser]

Once that file polluted a browser context, Turbopack also failed to resolve the Node builtins in its legitimate server-route imports, cascading the error across App Routes and Server Components.

Fix: switch the Obsidian connector to the isomorphic `validateExternalUrl` + `fetchWithRetry` helpers, matching the pattern used by every other connector in the registry. This keeps the core SSRF protections:
  - hosted Sim: blocks localhost, private IPs, HTTP (HTTPS enforced)
  - self-hosted Sim: allows localhost + HTTP, still blocks non-loopback private IPs and dangerous ports (22, 25, 3306, 5432, 6379, 27017, 9200)

Drops the DNS-rebinding defense specifically (the IP-pinned fetch chain). The trade-off is acceptable because the vault URL is entered by the workspace admin — not arbitrary untrusted input — and hosted deployments already force the plugin to be exposed through a public URL (tunnel/port-forward), making rebinding a narrow threat.

Also reverts the `secureFetchWithPinnedIPAndRetry` wrapper in `lib/knowledge/documents/utils.ts` (no longer needed, and its `.server` import was the original source of the client-bundle pollution).

* fix(servicenow): propagate URL validation errors in getDocument

Match listDocuments behavior — invalid instance URL should surface as a
configuration error rather than being swallowed into a "document not found"
null response during sync.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* fix(obsidian): drop allowHttp to restore HTTPS enforcement in hosted mode

allowHttp: true permitted plaintext HTTP for all hosts in all deployment
modes, contradicting the documented policy. The default validateExternalUrl
behavior already allows http://localhost in self-hosted mode (the actual
Obsidian Local REST API use case) via the built-in carve-out, while correctly
rejecting HTTP for public hosts in hosted mode — which prevents leaking the
Bearer access token over plaintext.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>

Author: waleedlatif1

apps/sim/app/(auth)/signup/signup-form.tsx

@@ -10,6 +10,7 @@ import { usePostHog } from 'posthog-js/react'
 import { Input, Label } from '@/components/emcn'
 import { client, useSession } from '@/lib/auth/auth-client'
 import { getEnv, isFalsy, isTruthy } from '@/lib/core/config/env'
+import { validateCallbackUrl } from '@/lib/core/security/input-validation'
 import { cn } from '@/lib/core/utils/cn'
 import { quickValidateEmail } from '@/lib/messaging/email/validation'
 import { captureClientEvent, captureEvent } from '@/lib/posthog/client'
@@ -102,10 +103,14 @@ function SignupFormContent({ githubAvailable, googleAvailable, isProduction }: S
   useEffect(() => {
     setTurnstileSiteKey(getEnv('NEXT_PUBLIC_TURNSTILE_SITE_KEY'))
   }, [])
-  const redirectUrl = useMemo(
-    () => searchParams.get('redirect') || searchParams.get('callbackUrl') || '',
-    [searchParams]
-  )
+  const rawRedirectUrl = searchParams.get('redirect') || searchParams.get('callbackUrl') || ''
+  const isValidRedirectUrl = rawRedirectUrl ? validateCallbackUrl(rawRedirectUrl) : false
+  const invalidCallbackRef = useRef(false)
+  if (rawRedirectUrl && !isValidRedirectUrl && !invalidCallbackRef.current) {
+    invalidCallbackRef.current = true
+    logger.warn('Invalid callback URL detected and blocked:', { url: rawRedirectUrl })
+  }
+  const redirectUrl = isValidRedirectUrl ? rawRedirectUrl : ''
   const isInviteFlow = useMemo(
     () =>
       searchParams.get('invite_flow') === 'true' ||

apps/sim/app/(auth)/verify/use-verification.ts

@@ -4,6 +4,7 @@ import { useEffect, useState } from 'react'
 import { createLogger } from '@sim/logger'
 import { useRouter, useSearchParams } from 'next/navigation'
 import { client, useSession } from '@/lib/auth/auth-client'
+import { validateCallbackUrl } from '@/lib/core/security/input-validation'
 
 const logger = createLogger('useVerification')
 
@@ -55,8 +56,11 @@ export function useVerification({
       }
 
       const storedRedirectUrl = sessionStorage.getItem('inviteRedirectUrl')
-      if (storedRedirectUrl) {
+      if (storedRedirectUrl && validateCallbackUrl(storedRedirectUrl)) {
         setRedirectUrl(storedRedirectUrl)
+      } else if (storedRedirectUrl) {
+        logger.warn('Ignoring unsafe stored invite redirect URL', { url: storedRedirectUrl })
+        sessionStorage.removeItem('inviteRedirectUrl')
       }
 
       const storedIsInviteFlow = sessionStorage.getItem('isInviteFlow')
@@ -67,7 +71,11 @@ export function useVerification({
 
     const redirectParam = searchParams.get('redirectAfter')
     if (redirectParam) {
-      setRedirectUrl(redirectParam)
+      if (validateCallbackUrl(redirectParam)) {
+        setRedirectUrl(redirectParam)
+      } else {
+        logger.warn('Ignoring unsafe redirectAfter parameter', { url: redirectParam })
+      }
     }
 
     const inviteFlowParam = searchParams.get('invite_flow')

apps/sim/connectors/obsidian/obsidian.ts

@@ -1,13 +1,15 @@
 import { createLogger } from '@sim/logger'
 import { toError } from '@sim/utils/errors'
 import { ObsidianIcon } from '@/components/icons'
+import { validateExternalUrl } from '@/lib/core/security/input-validation'
 import { fetchWithRetry, VALIDATE_RETRY_OPTIONS } from '@/lib/knowledge/documents/utils'
 import type { ConnectorConfig, ExternalDocument, ExternalDocumentList } from '@/connectors/types'
 import { joinTagArray, parseTagDate } from '@/connectors/utils'
 
 const logger = createLogger('ObsidianConnector')
 
 const DOCS_PER_PAGE = 50
+const DEFAULT_VAULT_URL = 'https://127.0.0.1:27124'
 
 interface NoteJson {
   content: string
@@ -22,10 +24,29 @@ interface NoteJson {
 }
 
 /**
- * Normalizes the vault URL by removing trailing slashes.
+ * Normalizes the vault URL and validates it against SSRF protections.
+ *
+ * The Obsidian Local REST API plugin runs on the user's own machine, so there
+ * is no SaaS domain to allowlist — the vault URL is fully user-controlled. We
+ * defer to the shared `validateExternalUrl` policy:
+ *   - hosted Sim: blocks localhost, private IPs, HTTP (forces HTTPS)
+ *   - self-hosted Sim: allows http://localhost (built-in carve-out), still
+ *     blocks non-loopback private IPs and dangerous ports (22, 25, 3306,
+ *     5432, 6379, 27017, 9200)
+ *
+ * This does not defend against DNS rebinding; for hosted deployments the user
+ * must expose the plugin through a public URL (tunnel, port-forward).
  */
-function normalizeVaultUrl(url: string): string {
-  return url.trim().replace(/\/+$/, '')
+function resolveVaultEndpoint(rawUrl: string | undefined): string {
+  let url = (rawUrl || DEFAULT_VAULT_URL).trim().replace(/\/+$/, '')
+  if (url && !url.startsWith('https://') && !url.startsWith('http://')) {
+    url = `https://${url}`
+  }
+  const validation = validateExternalUrl(url, 'vaultUrl')
+  if (!validation.isValid) {
+    throw new Error(validation.error || 'Invalid vault URL')
+  }
+  return url
 }
 
 /**
@@ -61,9 +82,6 @@ async function listDirectory(
   return data.files ?? []
 }
 
-/**
- * Recursively lists all markdown files in the vault or a specific folder.
- */
 const MAX_RECURSION_DEPTH = 20
 
 async function listVaultFiles(
@@ -183,9 +201,7 @@ export const obsidianConnector: ConnectorConfig = {
     cursor?: string,
     syncContext?: Record<string, unknown>
   ): Promise<ExternalDocumentList> => {
-    const baseUrl = normalizeVaultUrl(
-      (sourceConfig.vaultUrl as string) || 'https://127.0.0.1:27124'
-    )
+    const baseUrl = resolveVaultEndpoint(sourceConfig.vaultUrl as string)
     const folderPath = (sourceConfig.folderPath as string) || ''
 
     let allFiles = syncContext?.allFiles as string[] | undefined
@@ -230,9 +246,7 @@ export const obsidianConnector: ConnectorConfig = {
     externalId: string,
     _syncContext?: Record<string, unknown>
   ): Promise<ExternalDocument | null> => {
-    const baseUrl = normalizeVaultUrl(
-      (sourceConfig.vaultUrl as string) || 'https://127.0.0.1:27124'
-    )
+    const baseUrl = resolveVaultEndpoint(sourceConfig.vaultUrl as string)
 
     try {
       const note = await fetchNote(baseUrl, accessToken, externalId)
@@ -275,7 +289,12 @@ export const obsidianConnector: ConnectorConfig = {
       return { valid: false, error: 'Vault URL is required' }
     }
 
-    const baseUrl = normalizeVaultUrl(rawUrl)
+    let baseUrl: string
+    try {
+      baseUrl = resolveVaultEndpoint(rawUrl)
+    } catch (error) {
+      return { valid: false, error: toError(error).message }
+    }
 
     try {
       const response = await fetchWithRetry(
@@ -313,8 +332,10 @@ export const obsidianConnector: ConnectorConfig = {
 
       return { valid: true }
     } catch (error) {
-      const message = error instanceof Error ? error.message : 'Failed to connect to Obsidian vault'
-      return { valid: false, error: message }
+      return {
+        valid: false,
+        error: toError(error).message || 'Failed to connect to Obsidian vault',
+      }
     }
   },
 

apps/sim/connectors/servicenow/servicenow.ts

@@ -1,6 +1,7 @@
 import { createLogger } from '@sim/logger'
 import { toError } from '@sim/utils/errors'
 import { ServiceNowIcon } from '@/components/icons'
+import { validateServiceNowInstanceUrl } from '@/lib/core/security/input-validation'
 import { fetchWithRetry, VALIDATE_RETRY_OPTIONS } from '@/lib/knowledge/documents/utils'
 import type { ConnectorConfig, ExternalDocument, ExternalDocumentList } from '@/connectors/types'
 import { htmlToPlainText, parseTagDate } from '@/connectors/utils'
@@ -45,15 +46,23 @@ interface Incident extends ServiceNowRecord {
 }
 
 /**
- * Normalizes the instance URL to ensure it has the correct format.
+ * Normalizes and validates the ServiceNow instance URL.
+ *
+ * Prepends https:// if the scheme is missing, strips trailing slashes, then
+ * enforces a ServiceNow-owned domain allowlist to prevent SSRF — the instance
+ * URL is user-controlled and was previously fetched server-side with no
+ * validation.
  */
-function normalizeInstanceUrl(instanceUrl: string): string {
-  let url = instanceUrl.trim()
-  url = url.replace(/\/+$/, '')
-  if (!url.startsWith('https://') && !url.startsWith('http://')) {
+function resolveServiceNowInstanceUrl(rawUrl: string): string {
+  let url = (rawUrl ?? '').trim().replace(/\/+$/, '')
+  if (url && !url.startsWith('https://') && !url.startsWith('http://')) {
     url = `https://${url}`
   }
-  return url
+  const validation = validateServiceNowInstanceUrl(url)
+  if (!validation.isValid) {
+    throw new Error(validation.error || 'Invalid instance URL')
+  }
+  return validation.sanitized ?? url
 }
 
 /**
@@ -430,7 +439,7 @@ export const servicenowConnector: ConnectorConfig = {
     cursor?: string,
     _syncContext?: Record<string, unknown>
   ): Promise<ExternalDocumentList> => {
-    const instanceUrl = normalizeInstanceUrl(sourceConfig.instanceUrl as string)
+    const instanceUrl = resolveServiceNowInstanceUrl(sourceConfig.instanceUrl as string)
     const contentType = (sourceConfig.contentType as string) || 'kb_knowledge'
     const maxItems = sourceConfig.maxItems ? Number(sourceConfig.maxItems) : DEFAULT_MAX_ITEMS
     const authHeader = buildAuthHeader(accessToken, sourceConfig)
@@ -504,7 +513,6 @@ export const servicenowConnector: ConnectorConfig = {
     sourceConfig: Record<string, unknown>,
     externalId: string
   ): Promise<ExternalDocument | null> => {
-    const instanceUrl = normalizeInstanceUrl(sourceConfig.instanceUrl as string)
     const contentType = (sourceConfig.contentType as string) || 'kb_knowledge'
     const authHeader = buildAuthHeader(accessToken, sourceConfig)
     const isKB = contentType === 'kb_knowledge'
@@ -514,6 +522,8 @@ export const servicenowConnector: ConnectorConfig = {
       ? 'sys_id,short_description,text,wiki,workflow_state,kb_category,kb_knowledge_base,number,author,sys_created_by,sys_updated_by,sys_updated_on,sys_created_on'
       : 'sys_id,number,short_description,description,state,priority,category,assigned_to,opened_by,close_notes,resolution_notes,sys_created_by,sys_updated_by,sys_updated_on,sys_created_on'
 
+    const instanceUrl = resolveServiceNowInstanceUrl(sourceConfig.instanceUrl as string)
+
     try {
       const { result } = await serviceNowApiGet(instanceUrl, tableName, authHeader, {
         sysparm_query: `sys_id=${externalId}`,
@@ -568,7 +578,13 @@ export const servicenowConnector: ConnectorConfig = {
       return { valid: false, error: 'Max items must be a positive number' }
     }
 
-    const normalizedUrl = normalizeInstanceUrl(instanceUrl)
+    let normalizedUrl: string
+    try {
+      normalizedUrl = resolveServiceNowInstanceUrl(instanceUrl)
+    } catch (error) {
+      return { valid: false, error: toError(error).message }
+    }
+
     const authHeader = buildAuthHeader(accessToken, sourceConfig)
     const tableName = contentType === 'kb_knowledge' ? 'kb_knowledge' : 'incident'
 
@@ -585,8 +601,7 @@ export const servicenowConnector: ConnectorConfig = {
       )
       return { valid: true }
     } catch (error) {
-      const message = error instanceof Error ? error.message : 'Failed to connect to ServiceNow'
-      return { valid: false, error: message }
+      return { valid: false, error: toError(error).message || 'Failed to connect to ServiceNow' }
     }
   },