fix: pin workspace agent API client to intended agent (#26600)#26611
Open
github-actions[bot] wants to merge 1 commit into
Open
fix: pin workspace agent API client to intended agent (#26600)#26611github-actions[bot] wants to merge 1 commit into
github-actions[bot] wants to merge 1 commit into
Conversation
47693a1 to
728a3e6
Compare
Member
|
This backport required a fairly involved manual conflict resolution: #26600 was built on a separate request-context refactor of @codex review |
|
Codex Review: Didn't find any major issues. 👍 Reviewed commit: ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
Backport of #26600 to release/2.34. The workspace agent API client followed HTTP redirects and trusted the redirected host, letting a malicious agent bounce a coderd request onto a different agent's unauthenticated port-4 API (cross-tenant file read/write and RCE). apiClient now refuses redirects and pins every dial to the intended agent address, and the task app / scaletest clients share AppHTTPClient, which blocks redirects too. The upstream change was built on a separate request-context refactor of apiClient that is not present on this release branch, so the redirect block and agent-address pinning are applied to the existing apiClient() here and the request-context-bounded dial test is omitted. (cherry picked from commit eeb2624)
728a3e6 to
aa89df6
Compare
ethanndickson
approved these changes
Jun 23, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport of #26600 to
release/2.34.Original PR: #26600 - fix: pin workspace agent API client to intended agent
Merge commit: eeb2624
Requested by: @ethanndickson
What this fixes
The workspace agent API client followed HTTP redirects and trusted the redirected host, letting a malicious agent bounce a coderd request onto a different agent's unauthenticated port-4 API (cross-tenant file read/write and RCE, Cure53 CODAGT-668).
apiClientnow refuses redirects and pins every dial to the intended agent address, and the task-app / scaletest clients shareAppHTTPClient, which blocks redirects too.Conflict resolution
The automatic cherry-pick conflicted because #26600 was built on a separate request-context refactor of
apiClientthat is not present on this release branch. The redirect block and agent-address pinning are applied to the existingapiClient()here, and the request-context-bounded dial test (which depends on that refactor) is omitted. This branch had noagentconn_test.go, so the redirect tests are added as a newagentconn_test.go. The two redirect regression tests added by #26600 are included.