langgenius dify
cpe:2.3:a:langgenius:dify:*:*:*:*:node.js:*:*
- <= 1.13.3
A server-side request forgery (SSRF) vulnerability has been identified in the LangGenius Dify application, affecting versions through 1.13.3. The issue resides in the ApiBasedToolSchemaParser component, specifically within the parse_openai_plugin_json_to_tool_bundle function in parser.py. This vulnerability allows authenticated users to manipulate the url parameter, bypassing the application's SSRF protections and potentially accessing internal network resources.
Exploitation of this vulnerability bypasses the application's SSRF protection, allowing for unauthorized internal network requests. This could be used to probe internal services and ports or interact with internal APIs that do not require a valid request body.
To reproduce this vulnerability, authenticate with the Dify API to obtain a valid session and CSRF tokens. Then, send a POST request to the tool schema endpoint with a JSON payload that mimics an OpenAI Plugin manifest, including a URL pointing to an internal service. The server will parse the payload, extract the URL, and make an outbound request to the specified internal resource, bypassing any SSRF protections.
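A defender-side check for the class of bug described above, as an added example (not Dify's code or its fix): validate the URL taken from a plugin manifest before the server fetches it. The `api.url` field layout, the function names and the sample manifest are assumptions made for illustration.

```python
import ipaddress
import json
import socket
from urllib.parse import urlsplit

# Constructed sample manifest; the api.url layout is an assumption.
SAMPLE_MANIFEST = '{"schema_version": "v1", "api": {"type": "openapi", "url": "http://10.0.0.5/openapi.yaml"}}'


def resolve_host(host):
    """Default resolver: every address the name maps to (needs DNS)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def manifest_api_url(manifest_json):
    """Return the api.url string of a manifest, or raise ValueError."""
    manifest = json.loads(manifest_json)
    api = manifest.get("api") if isinstance(manifest, dict) else None
    if not isinstance(api, dict) or not isinstance(api.get("url"), str):
        raise ValueError("manifest has no api.url string")
    return api["url"]


def check_outbound_url(url, resolver=resolve_host):
    """Return (allowed, reason) for a URL the server is about to fetch."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal, no lookup
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError:
            return False, "host does not resolve"
    # Reject if ANY resolved address is loopback, private, link-local, etc.
    for addr in addrs:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        ip = getattr(ip, "ipv4_mapped", None) or ip    # unwrap ::ffff:a.b.c.d
        if not ip.is_global:
            return False, f"{host} resolves to non-public address {ip}"
    return True, "ok"
```

Fetch only the addresses that passed the check (pin the connection to them) and re-run it on every redirect target, otherwise a second DNS lookup or a 3xx response can still land on an internal host.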