db620d33df
dotnet-build-and-test / dotnet-test-functions (push) Has been cancelled
dotnet-build-and-test / paths-filter (push) Has been cancelled
dotnet-build-and-test / dotnet-build (Debug, windows-latest, net9.0) (push) Has been cancelled
dotnet-build-and-test / dotnet-build (Release, ubuntu-latest, net10.0) (push) Has been cancelled
dotnet-build-and-test / dotnet-build (Release, ubuntu-latest, net8.0) (push) Has been cancelled
dotnet-build-and-test / dotnet-build (Release, windows-latest, net472) (push) Has been cancelled
dotnet-build-and-test / dotnet-test (Release, integration, true, ubuntu-latest, net10.0) (push) Has been cancelled
dotnet-build-and-test / dotnet-test (Release, integration, true, windows-latest, net472) (push) Has been cancelled
dotnet-build-and-test / dotnet-foundry-hosted-it (push) Has been cancelled
dotnet-build-and-test / dotnet-build-and-test-check (push) Has been cancelled
dotnet-build-and-test / Integration Test Report (push) Has been cancelled
CodeQL / Analyze (csharp) (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
61 lines
3.1 KiB
C#
61 lines
3.1 KiB
C#
// Copyright (c) Microsoft. All rights reserved.
|
|
|
|
namespace SampleApp;
|
|
|
|
/// <summary>
|
|
/// Options that control which URLs the <see cref="WebBrowsingTool"/> is permitted to access.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// <para>
|
|
/// By default, <b>no hosts are accessible</b>. You must explicitly opt in to one or more
|
|
/// of the access modes below. The validation order is:
|
|
/// </para>
|
|
/// <list type="number">
|
|
/// <item><description>If the host matches an entry in <see cref="AllowedHosts"/>, the request is allowed.</description></item>
|
|
/// <item><description>If the resolved IP is a public address and <see cref="AllowPublicNetworks"/> is <see langword="true"/>, the request is allowed.</description></item>
|
|
/// <item><description>If the resolved IP is a private/loopback/link-local address and <see cref="AllowPrivateNetworks"/> is <see langword="true"/>, the request is allowed.</description></item>
|
|
/// <item><description>If <see cref="AllowAllHosts"/> is <see langword="true"/>, the request is allowed.</description></item>
|
|
/// <item><description>Otherwise, the request is blocked.</description></item>
|
|
/// </list>
|
|
/// </remarks>
|
|
internal sealed class WebBrowsingToolOptions
|
|
{
|
|
/// <summary>
|
|
/// Gets or sets a list of host patterns that are always permitted, regardless of other settings.
|
|
/// Patterns support wildcard prefix matching (e.g., <c>"*.example.com"</c> matches <c>"docs.example.com"</c>).
|
|
/// Exact host names (e.g., <c>"docs.microsoft.com"</c>) are also supported.
|
|
/// </summary>
|
|
/// <remarks>This has the highest priority — if a host matches, it is allowed immediately.</remarks>
|
|
public IReadOnlyList<string>? AllowedHosts { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets a value indicating whether public internet hosts (non-private, non-loopback, non-link-local IPs) are permitted.
|
|
/// Default is <see langword="false"/>.
|
|
/// </summary>
|
|
public bool AllowPublicNetworks { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets a value indicating whether private network hosts are permitted.
|
|
/// This includes RFC 1918 addresses (10.x.x.x, 172.16-31.x.x, 192.168.x.x),
|
|
/// loopback (127.x.x.x, ::1), link-local (169.254.x.x, fe80::),
|
|
/// and cloud metadata endpoints (169.254.169.254).
|
|
/// Default is <see langword="false"/>.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// <b>Warning:</b> Enabling this allows the agent to make requests to internal services,
|
|
/// localhost, and cloud metadata endpoints. Only enable this if you understand the SSRF risks.
|
|
/// </remarks>
|
|
public bool AllowPrivateNetworks { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets a value indicating whether all hosts are permitted without any restriction.
|
|
/// Default is <see langword="false"/>.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// <b>⚠️ UNSAFE:</b> Enabling this disables all network boundary checks and allows the agent
|
|
/// to access any URL, including internal services, cloud metadata endpoints, and localhost.
|
|
/// Only use this for trusted, isolated environments where SSRF is not a concern.
|
|
/// </remarks>
|
|
public bool AllowAllHosts { get; set; }
|
|
}
|