fix(providers): harden large-file path (SSRF fetch, ceiling gate, per-file UI limit)

waleedlatif1 · waleedlatif1 · commit 48f79a4e457c · 2026-06-15T22:32:36.000-07:00
- Download files for OpenAI/Gemini uploads via validateUrlWithDNS + IP-pinned
  fetch so a forged URL can't reach internal addresses (covers all callers).
- Reject files above the provider ceiling before downloading/uploading.
- UI now validates each file against the provider's per-file ceiling instead of
  summing all files against it, matching server-side per-file validation.
- Lower Anthropic ceiling to 50MB (documented 32MB request cap / page limits).
diff --git a/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/file-upload/file-upload.tsx b/apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/editor/components/sub-block/components/file-upload/file-upload.tsx
@@ -292,24 +292,19 @@ export function FileUpload({
     const files = e.target.files
     if (!files || files.length === 0) return
 
-    const existingFiles = Array.isArray(value) ? value : value ? [value] : []
-    const existingTotalSize = existingFiles.reduce((sum, file) => sum + file.size, 0)
-
     const validFiles: File[] = []
-    let totalNewSize = 0
     let sizeExceededFile: string | null = null
 
     for (let i = 0; i < files.length; i++) {
       const file = files[i]
-      if (existingTotalSize + totalNewSize + file.size > maxSizeInBytes) {
-        const errorMessage = `Adding ${file.name} would exceed the maximum size limit of ${maxSizeLabel}`
+      if (file.size > maxSizeInBytes) {
+        const errorMessage = `${file.name} exceeds the maximum file size of ${maxSizeLabel}`
         logger.error(errorMessage, activeWorkflowId)
         if (!sizeExceededFile) {
           sizeExceededFile = errorMessage
         }
       } else {
         validFiles.push(file)
-        totalNewSize += file.size
       }
     }
 
diff --git a/apps/sim/providers/file-attachments.server.ts b/apps/sim/providers/file-attachments.server.ts
@@ -3,12 +3,18 @@ import { createLogger } from '@sim/logger'
 import { getErrorMessage } from '@sim/utils/errors'
 import { sleep } from '@sim/utils/helpers'
 import OpenAI, { toFile } from 'openai'
+import {
+  secureFetchWithPinnedIP,
+  validateUrlWithDNS,
+} from '@/lib/core/security/input-validation.server'
+import { readResponseToBufferWithLimit } from '@/lib/core/utils/stream-limits'
 import type { StorageContext } from '@/lib/uploads'
 import { StorageService } from '@/lib/uploads'
 import { inferContextFromKey } from '@/lib/uploads/utils/file-utils'
 import { verifyFileAccess } from '@/app/api/files/authorization'
 import type { UserFile } from '@/executor/types'
 import {
+  getProviderAttachmentMaxBytes,
   getProviderFileStrategy,
   inferAttachmentMimeType,
   shouldUseLargeFilePath,
@@ -54,6 +60,16 @@ export async function attachLargeFileRemoteUrls(
 
   for (const file of files) {
     if (!file.key || !shouldUseLargeFilePath(file, providerId)) continue
+
+    const maxBytes = getProviderAttachmentMaxBytes(providerId)
+    if (Number.isFinite(file.size) && file.size > maxBytes) {
+      const sizeMB = (file.size / (1024 * 1024)).toFixed(2)
+      const maxMB = (maxBytes / (1024 * 1024)).toFixed(0)
+      throw new Error(
+        `File "${file.name}" (${sizeMB}MB) exceeds the ${maxMB}MB agent attachment limit for provider "${providerId}"`
+      )
+    }
+
     if (!StorageService.hasCloudStorage()) {
       logger.warn(
         `[${ctx.requestId}] "${file.name}" exceeds the inline limit for "${providerId}" but cloud storage is unavailable; it cannot be sent`
@@ -95,15 +111,16 @@ export async function uploadLargeFilesToProvider(
   const groups = groupUploadableFiles(request.messages)
   if (groups.length === 0) return
 
+  const maxBytes = getProviderAttachmentMaxBytes(providerId)
   const openai = providerId === 'openai' ? new OpenAI({ apiKey: request.apiKey }) : null
   const ai = providerId === 'google' ? new GoogleGenAI({ apiKey: request.apiKey }) : null
 
   for (const group of groups) {
     const [representative] = group
     if (openai) {
-      await uploadOpenAIFile(representative, openai, request.abortSignal)
+      await uploadOpenAIFile(representative, openai, maxBytes, request.abortSignal)
     } else if (ai) {
-      await uploadGeminiFile(representative, ai, request.abortSignal)
+      await uploadGeminiFile(representative, ai, maxBytes, request.abortSignal)
     }
     for (const file of group) {
       file.providerFileId = representative.providerFileId
@@ -130,21 +147,48 @@ function groupUploadableFiles(messages: Message[] | undefined): UserFile[][] {
   return [...groups.values()]
 }
 
-async function fetchRemoteFileBlob(file: UserFile, signal?: AbortSignal): Promise<Blob> {
-  const response = await fetch(file.remoteUrl as string, { signal })
+/**
+ * Downloads the file from its signed URL with DNS validation and IP pinning so a URL that
+ * somehow resolves to an internal address can never be fetched (SSRF defense for every
+ * caller, not just the agent path). Bounded by the provider's attachment ceiling.
+ */
+async function fetchRemoteFileBlob(
+  file: UserFile,
+  maxBytes: number,
+  signal?: AbortSignal
+): Promise<Blob> {
+  const url = file.remoteUrl as string
+  const validation = await validateUrlWithDNS(url, 'fileUrl')
+  if (!validation.isValid || !validation.resolvedIP) {
+    throw new Error(
+      `Cannot download "${file.name}" for upload: ${validation.error || 'invalid URL'}`
+    )
+  }
+
+  const response = await secureFetchWithPinnedIP(url, validation.resolvedIP, {
+    maxResponseBytes: maxBytes,
+    signal,
+  })
   if (!response.ok) {
     throw new Error(`Failed to download "${file.name}" for upload (status ${response.status})`)
   }
-  return response.blob()
+
+  const buffer = await readResponseToBufferWithLimit(response, {
+    maxBytes,
+    label: 'provider file upload',
+    signal,
+  })
+  return new Blob([buffer], { type: file.type || inferAttachmentMimeType(file) })
 }
 
 async function uploadOpenAIFile(
   file: UserFile,
   client: OpenAI,
+  maxBytes: number,
   signal?: AbortSignal
 ): Promise<void> {
   const mimeType = inferAttachmentMimeType(file)
-  const blob = await fetchRemoteFileBlob(file, signal)
+  const blob = await fetchRemoteFileBlob(file, maxBytes, signal)
 
   const uploaded = await client.files.create(
     {
@@ -162,10 +206,11 @@ async function uploadOpenAIFile(
 async function uploadGeminiFile(
   file: UserFile,
   ai: GoogleGenAI,
+  maxBytes: number,
   signal?: AbortSignal
 ): Promise<void> {
   const mimeType = inferAttachmentMimeType(file)
-  const blob = await fetchRemoteFileBlob(file, signal)
+  const blob = await fetchRemoteFileBlob(file, maxBytes, signal)
 
   let uploaded = await ai.files.upload({ file: blob, config: { mimeType, abortSignal: signal } })
 
diff --git a/apps/sim/providers/models.ts b/apps/sim/providers/models.ts
@@ -657,7 +657,7 @@ export const PROVIDER_DEFINITIONS: Record<string, ProviderDefinition> = {
   },
   anthropic: {
     id: 'anthropic',
-    fileAttachment: { maxBytes: 100 * 1024 * 1024, strategy: 'remote-url' },
+    fileAttachment: { maxBytes: 50 * 1024 * 1024, strategy: 'remote-url' },
     name: 'Anthropic',
     description: "Anthropic's Claude models",
     defaultModel: 'claude-sonnet-4-6',
