fix(aws): add validateAwsRegion to all AWS route schemas to prevent SSRF

[waleedlatif1]

Summary

• Added `validateAwsRegion` from the existing input-validation module to all 61 AWS route Zod schemas (IAM, Identity Center, STS, CloudWatch, DynamoDB, SES) — the `region` field was previously accepted as a bare string and passed directly to the AWS SDK for endpoint URL construction, which is an SSRF vector
• Fixed the `validateAwsRegion` regex to cover two missing regions: `mx-central-1` (Mexico, launched Nov 2024) and `eu-isoe-west-1` (EU Sovereign Cloud) — all 41 known AWS regions now pass, all injection strings are blocked
• Added test cases for the two new prefixes plus `us-iso-west-1`

Type of Change

• Bug fix

Testing

• 366 tests passing in `input-validation.test.ts`
• Verified all 41 known AWS regions pass the regex
• Verified attack strings (`us-east-1.evil.com`, `us-east-1@attacker.com`, `169.254.169.254`, path traversal, null bytes) are all blocked

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		Apr 22, 2026 2:06am

[cursor]

PR Summary

Medium Risk
Touches many AWS API routes by tightening region validation, which could reject previously accepted (invalid) inputs and affect integrations. Core behavior is unchanged for valid regions, but broad surface area warrants careful rollout.

Overview
Hardens AWS tool endpoints against SSRF by requiring region to pass validateAwsRegion() in the Zod schemas across CloudWatch, DynamoDB, IAM, Identity Center, SES, and STS routes (instead of accepting any non-empty string).

Updates validateAwsRegion’s regex (and docs/tests) to recognize additional legitimate regions/partitions, adding coverage for us-iso-west-1, mx-central-1, and eu-isoe-west-1.

^{Reviewed by Cursor Bugbot for commit 1b97c15. Configure here.}

[greptile-apps]

Greptile Summary

This PR correctly applies validateAwsRegion to 61 AWS route schemas (IAM, Identity Center, STS, CloudWatch, DynamoDB, SES) and fixes the underlying regex to cover two previously missing regions (mx-central-1 and eu-isoe-west-1). However, the fix is incomplete — 31 additional AWS routes across S3, RDS, Secrets Manager, SQS, Textract, Athena, and CloudFormation still accept an unvalidated region: z.string() that is passed directly to the AWS SDK, leaving the same SSRF vector open in those services.

Confidence Score: 4/5

Safe to merge for the 61 covered routes, but the SSRF vulnerability persists in 31 other AWS routes — follow-up is required before the fix can be considered complete.

The regex fix and all 61 route updates are correct and well-tested. A concrete, confirmed P1 security gap remains: S3, RDS, Secrets Manager, SQS, Textract, Athena, and CloudFormation routes still have the original unvalidated region field. The PR title and description claim completeness so the omission is unexpected rather than a deliberate deferral.

apps/sim/app/api/tools/s3/, apps/sim/app/api/tools/rds/, apps/sim/app/api/tools/secrets_manager/, apps/sim/app/api/tools/sqs/, apps/sim/app/api/tools/textract/, apps/sim/app/api/tools/athena/, apps/sim/app/api/tools/cloudformation/*

Security Review

• SSRF via unvalidated region (S3, RDS, Secrets Manager, SQS, Textract, Athena, CloudFormation): 31 routes outside the PR's scope still accept a bare region string that is passed to the AWS SDK for endpoint URL construction. In s3/put-object/route.ts the region is also directly interpolated into the response URL. A value like us-east-1.evil.com would cause the SDK (and the URL) to resolve to an attacker-controlled host.
• The 61 routes patched in this PR are correctly protected — the validateAwsRegion regex and its enforcement via Zod .refine() are sound.

Important Files Changed

Filename	Overview
apps/sim/lib/core/security/input-validation.ts	Regex updated to add eu-isoe and mx prefixes, and alternation reordered (longer prefixes first) — logic is correct and covers all 41 known AWS regions
apps/sim/lib/core/security/input-validation.test.ts	New test cases added for us-iso-west-1, mx-central-1, and eu-isoe-west-1 — all are correct and cover the newly added regex branches
apps/sim/app/api/tools/cloudwatch/describe-alarms/route.ts	Representative of all 61 routes updated in this PR — validateAwsRegion .refine() applied correctly with a static message object
apps/sim/app/api/tools/s3/put-object/route.ts	Still uses bare region: z.string() — region is passed to S3Client and also string-interpolated into the response URL, leaving the same SSRF vector unpatched
apps/sim/app/api/tools/rds/query/route.ts	Still uses bare region: z.string() passed directly to createRdsClient — same SSRF vector as the routes fixed in this PR

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Incoming POST request] --> B[checkInternalAuth]
    B -->|fail| C[401 Unauthorized]
    B -->|pass| D[Zod schema parse]
    D --> E{region field}
    E -->|61 patched routes: validateAwsRegion refine| F[Regex check passes]
    E -->|31 unpatched routes: bare z.string| G[Any string accepted]
    F --> H[AWS SDK Client constructed with validated region]
    G --> I[AWS SDK Client constructed with arbitrary region]
    I --> J[SSRF: SDK resolves attacker-controlled endpoint]
    H --> K[AWS API call succeeds safely]

Loading

Comments Outside Diff (1)

1. apps/sim/app/api/tools/s3/put-object/route.ts, line 19 (link)

   SSRF fix incomplete — S3, RDS, Secrets Manager, SQS, Textract, Athena, and CloudFormation routes still unprotected

   The PR title states "add validateAwsRegion to all AWS route schemas" but 31 AWS routes were omitted. All of them accept a bare region: z.string() that is passed directly to the AWS SDK (and in S3's case, also interpolated into the response URL on line 121: `https://${bucketName}.s3.${region}.amazonaws.com/...`). Affected services and representative files:

   • S3 — s3/copy-object, s3/delete-object, s3/list-objects, s3/put-object
   • RDS — rds/delete, rds/execute, rds/insert, rds/introspect, rds/query, rds/update
   • Secrets Manager — secrets_manager/create-secret, secrets_manager/delete-secret, secrets_manager/get-secret, secrets_manager/list-secrets, secrets_manager/update-secret
   • SQS — sqs/send
   • Textract — textract/parse
   • Athena — 7 routes
   • CloudFormation — 7 routes

   The same .refine((v) => validateAwsRegion(v).isValid, { message: ... }) pattern used in this PR should be applied to all of these.

_{Reviews (2): Last reviewed commit: "fix(aws): eliminate double validateAwsRe..." | Re-trigger Greptile}

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 1b97c15. Configure here.}