Pulse/cmd/pulse-sensor-proxy
rcourtman 7062b07411 feat(security): Add node allowlist validation to prevent SSRF attacks
Implements comprehensive node validation system to prevent SSRF attacks
via the temperature proxy. Addresses critical vulnerability where proxy
would SSH to any hostname/IP passing format validation.

Features:
- Configurable allowed_nodes list (hostnames, IPs, CIDR ranges)
- Automatic Proxmox cluster membership validation
- 5-minute cluster membership cache to reduce pvecm overhead
- strict_node_validation option for strict vs permissive modes
- New metric: pulse_proxy_node_validation_failures_total{node,reason}
- Logs blocked attempts at WARN level with 'potential SSRF attempt'

Configuration:
- allowed_nodes: [] (empty = auto-discover from cluster)
- strict_node_validation: true (require cluster membership)

Default behavior: Empty allowlist + Proxmox host = validate cluster
members (secure by default, backwards compatible).

Related to security audit 2025-11-07.

Co-authored-by: Codex <codex@openai.com>
2025-11-07 17:08:28 +00:00
..
audit.go Make pulse-sensor-proxy resilient to read-only filesystems 2025-11-06 00:18:51 +00:00
audit_test.go Make pulse-sensor-proxy resilient to read-only filesystems 2025-11-06 00:18:51 +00:00
auth.go Automate sensor proxy container mount and auth 2025-10-14 12:41:48 +00:00
auth_test.go Automate sensor proxy container mount and auth 2025-10-14 12:41:48 +00:00
cleanup.go feat: add comprehensive node cleanup system 2025-10-17 18:53:45 +00:00
config.example.yaml feat(security): Add node allowlist validation to prevent SSRF attacks 2025-11-07 17:08:28 +00:00
config.go feat(security): Add node allowlist validation to prevent SSRF attacks 2025-11-07 17:08:28 +00:00
main.go feat(security): Add node allowlist validation to prevent SSRF attacks 2025-11-07 17:08:28 +00:00
main_test.go test: add comprehensive security tests and documentation 2025-10-19 16:47:13 +00:00
metrics.go feat(security): Add node allowlist validation to prevent SSRF attacks 2025-11-07 17:08:28 +00:00
ssh.go security: complete Phase 1 sensor proxy hardening 2025-10-20 15:13:37 +00:00
ssh_test.go security: complete Phase 1 sensor proxy hardening 2025-10-20 15:13:37 +00:00
throttle.go feat: make pulse-sensor-proxy rate limits configurable 2025-10-21 11:25:21 +00:00
throttle_test.go feat: make pulse-sensor-proxy rate limits configurable 2025-10-21 11:25:21 +00:00
validation.go feat(security): Add node allowlist validation to prevent SSRF attacks 2025-11-07 17:08:28 +00:00
validation_fuzz_test.go security: complete Phase 1 sensor proxy hardening 2025-10-20 15:13:37 +00:00
validation_test.go feat(security): Add node allowlist validation to prevent SSRF attacks 2025-11-07 17:08:28 +00:00