LLM/CLIProxyAPIPlus
1
0
Fork 0
mirror of https://github.com/router-for-me/CLIProxyAPIPlus.git synced 2026-04-04 03:31:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): enforce stricter localhost validation for GeminiCLIAPIHandler

Browse Source 
Closes: #2445
This commit is contained in:
Luis Pater
2026-04-03 21:22:03 +08:00
parent d2419ed49d
commit 06405f2129
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
sdk/api/handlers/gemini/gemini-cli_handlers.go
View File

@@ -9,6 +9,7 @@ import (
"context"
"fmt"
"io"
"net"
"net/http"
"strings"
"time"
@@ -49,7 +50,13 @@ func (h *GeminiCLIAPIHandler) Models() []map[string]any {
// CLIHandler handles CLI-specific requests for Gemini API operations.
// It restricts access to localhost only and routes requests to appropriate internal handlers.
func (h *GeminiCLIAPIHandler) CLIHandler(c *gin.Context) {
if !strings.HasPrefix(c.Request.RemoteAddr, "127.0.0.1:") {
requestHost := c.Request.Host
requestHostname := requestHost
if hostname, _, errSplitHostPort := net.SplitHostPort(requestHost); errSplitHostPort == nil {
requestHostname = hostname
}
if !strings.HasPrefix(c.Request.RemoteAddr, "127.0.0.1:") || requestHostname != "127.0.0.1" {
c.JSON(http.StatusForbidden, handlers.ErrorResponse{
Error: handlers.ErrorDetail{
Message: "CLI reply only allow local access",