fix(shared): reject insecure non-loopback gateway deep links#21970

Merged

mbelinky merged 1 commit intomainfrom

fix/shared-deeplink-ws-loopback

Feb 20, 2026

Contributor

mbelinky commented Feb 20, 2026 •

edited by greptile-apps bot

Loading

Summary\n- reject insecure non-loopback ws:// gateway deep links in shared parser\n- reject insecure non-loopback ws:// setup-code payload URLs\n- use strict loopback parsing (blocks 127.attacker.example bypass)\n- add shared DeepLinksSecurityTests and iOS parser coverage\n\n## Why\nThis lands the deep-link security intent from #21268 with a strict matcher and focused scope.

Greptile Summary

Adds security validation to reject insecure ws:// gateway deep links when connecting to non-loopback hosts. The isLoopbackHost helper uses Swift's Network framework to parse and validate IPv4/IPv6 addresses, blocking prefix-bypass attacks like 127.attacker.example. Validation is enforced in both the direct gateway deep link parser (DeepLinks.swift:170-172) and setup code payload parser (DeepLinks.swift:75-77).

Comprehensive test coverage includes bypass attempts and positive loopback cases
Aligns with existing Node.js loopback validation patterns in the codebase (src/gateway/net.ts)
Properly handles edge cases: IPv6 zone indices, trailing dots, bracket notation, IPv4-mapped IPv6

Confidence Score: 5/5

This PR is safe to merge with no issues identified.
The security fix is well-implemented with robust validation logic, comprehensive test coverage for both attack vectors and valid loopback scenarios, and consistent with existing patterns in the codebase. The isLoopbackHost function correctly handles edge cases and bypass attempts.
No files require special attention

_{Last reviewed commit: f57fb0b}

openclaw-barnacle bot added app: ios size: S maintainer labels

mbelinky mentioned this pull request

Security: reject insecure non-loopback gateway deep links #21268

Closed

mbelinky added a commit that referenced this pull request


          fix(shared): reject insecure non-loopback gateway deep links #21970 t…

b43f510

…hanks @mbelinky

mbelinky force-pushed the fix/shared-deeplink-ws-loopback branch from f57fb0b to b43f510 Compare

February 20, 2026 16:14

openclaw-barnacle bot added the docs label

Contributor

bmendonca3 commented Feb 20, 2026 •

edited

Loading

Thanks for splitting this out and landing the deep-link/setup-code guardrails. This matches the intent of my earlier PR (#21268), and I like the move to strict loopback parsing plus the added tests. Happy to help test edge cases if you want another set of eyes

One thought: should the user-facing error/message (or logs) include an actionable hint like “enable TLS / use a secure URL” to reduce support churn?


          fix(shared): reject insecure non-loopback gateway deep links #21970 t…

279173c

…hanks @mbelinky

mbelinky force-pushed the fix/shared-deeplink-ws-loopback branch from b43f510 to 279173c Compare

February 20, 2026 16:31

openclaw-barnacle bot removed the docs label

mbelinky merged commit ebae6f9 into main

8 checks passed

mbelinky deleted the fix/shared-deeplink-ws-loopback branch

February 20, 2026 16:31

Contributor Author

mbelinky commented Feb 20, 2026

Merged via squash.

Prepared head SHA: 279173c
Merge commit: ebae6f9

Thanks @mbelinky!

mbelinky mentioned this pull request

Security: reject insecure non-loopback gateway deep links #22016

Closed

github-actions bot mentioned this pull request

📡 Upstream Digest — 2026-02-20 18:35 UTC curtismercier/openclaw-mods#78

Open

rodrigogs pushed a commit to rodrigogs/openclaw that referenced this pull request


          fix(shared): reject insecure non-loopback gateway deep links (opencla…

3fffb79

…w#21970)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 279173c
Co-authored-by: mbelinky <[email protected]>
Co-authored-by: mbelinky <[email protected]>
Reviewed-by: @mbelinky

Hansen1018 added a commit to Hansen1018/openclaw that referenced this pull request


          fix(shared): reject insecure non-loopback gateway deep links (opencla…

b963b32

…w#21970)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 279173c
Co-authored-by: mbelinky <[email protected]>
Co-authored-by: mbelinky <[email protected]>
Reviewed-by: @mbelinky

vincentkoc pushed a commit that referenced this pull request


          fix(shared): reject insecure non-loopback gateway deep links (#21970)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 279173c
Co-authored-by: mbelinky <[email protected]>
Co-authored-by: mbelinky <[email protected]>
Reviewed-by: @mbelinky

dgarson pushed a commit to dgarson/clawdbot that referenced this pull request


          fix(shared): reject insecure non-loopback gateway deep links (opencla…

d1842da

…w#21970)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 279173c
Co-authored-by: mbelinky <[email protected]>
Co-authored-by: mbelinky <[email protected]>
Reviewed-by: @mbelinky

mmyyfirstb pushed a commit to mmyyfirstb/openclaw that referenced this pull request


          fix(shared): reject insecure non-loopback gateway deep links (opencla…

ae07996

…w#21970)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 279173c
Co-authored-by: mbelinky <[email protected]>
Co-authored-by: mbelinky <[email protected]>
Reviewed-by: @mbelinky

obviyus pushed a commit to guirguispierre/openclaw that referenced this pull request


          fix(shared): reject insecure non-loopback gateway deep links (opencla…

533b07f

…w#21970)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 279173c
Co-authored-by: mbelinky <[email protected]>
Co-authored-by: mbelinky <[email protected]>
Reviewed-by: @mbelinky

mreedr pushed a commit to mreedr/openclaw-custom that referenced this pull request


          fix(shared): reject insecure non-loopback gateway deep links (opencla…

43ef1ce

…w#21970)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 279173c
Co-authored-by: mbelinky <[email protected]>
Co-authored-by: mbelinky <[email protected]>
Reviewed-by: @mbelinky

github-actions bot mentioned this pull request

cherry-pick: upstream docs commits (2026-03-01-0443) hughdidit/DAISy-Agency#141

Closed

6 tasks

hughdidit pushed a commit to hughdidit/DAISy-Agency that referenced this pull request


          fix(shared): reject insecure non-loopback gateway deep links (opencla…

f0c7d29

…w#21970)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 279173c
Co-authored-by: mbelinky <[email protected]>
Co-authored-by: mbelinky <[email protected]>
Reviewed-by: @mbelinky

(cherry picked from commit ebae6f9)

hughdidit pushed a commit to hughdidit/DAISy-Agency that referenced this pull request


          fix(shared): reject insecure non-loopback gateway deep links (opencla…

5b32bc9

…w#21970)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 279173c
Co-authored-by: mbelinky <[email protected]>
Co-authored-by: mbelinky <[email protected]>
Reviewed-by: @mbelinky

(cherry picked from commit ebae6f9)

# Conflicts:
#	apps/shared/MoltbotKit/Tests/MoltbotKitTests/DeepLinksSecurityTests.swift

zooqueen pushed a commit to hanzoai/bot that referenced this pull request


          fix(shared): reject insecure non-loopback gateway deep links (opencla…

5aff14c

…w#21970)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: 279173c
Co-authored-by: mbelinky <[email protected]>
Co-authored-by: mbelinky <[email protected]>
Reviewed-by: @mbelinky

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

app: ios maintainer size: S