Pulse/cmd
rcourtman 7062b07411 feat(security): Add node allowlist validation to prevent SSRF attacks
Implements comprehensive node validation system to prevent SSRF attacks
via the temperature proxy. Addresses critical vulnerability where proxy
would SSH to any hostname/IP passing format validation.

Features:
- Configurable allowed_nodes list (hostnames, IPs, CIDR ranges)
- Automatic Proxmox cluster membership validation
- 5-minute cluster membership cache to reduce pvecm overhead
- strict_node_validation option for strict vs permissive modes
- New metric: pulse_proxy_node_validation_failures_total{node,reason}
- Logs blocked attempts at WARN level with 'potential SSRF attempt'

Configuration:
- allowed_nodes: [] (empty = auto-discover from cluster)
- strict_node_validation: true (require cluster membership)

Default behavior: Empty allowlist + Proxmox host = validate cluster
members (secure by default, backwards compatible).

Related to security audit 2025-11-07.

Co-authored-by: Codex <codex@openai.com>
2025-11-07 17:08:28 +00:00
..
hashpw Add hashpw utility for generating password hashes 2025-11-06 16:46:56 +00:00
pulse Improve bootstrap token UX for easier discovery 2025-11-06 17:29:49 +00:00
pulse-docker-agent Improve Alpine Linux support and agent startup validation 2025-11-05 19:01:09 +00:00
pulse-host-agent Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
pulse-sensor-proxy feat(security): Add node allowlist validation to prevent SSRF attacks 2025-11-07 17:08:28 +00:00