@openclaw/msteams 2026.2.21 → 2026.2.22

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## 2026.2.22
+
+### Changes
+
+- Version alignment with core OpenClaw release numbers.
+
 ## 2026.1.15
 
 ### Features

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openclaw/msteams",
-  "version": "2026.2.21",
+  "version": "2026.2.22",
   "description": "OpenClaw Microsoft Teams channel plugin",
   "type": "module",
   "dependencies": {

package/src/attachments/download.ts

@@ -1,4 +1,5 @@
 import { getMSTeamsRuntime } from "../runtime.js";
+import { downloadAndStoreMSTeamsRemoteMedia } from "./remote-media.js";
 import {
   extractInlineImageCandidates,
   inferPlaceholder,
@@ -6,8 +7,10 @@ import {
   isRecord,
   isUrlAllowed,
   normalizeContentType,
+  resolveRequestUrl,
   resolveAuthAllowedHosts,
   resolveAllowedHosts,
+  safeFetch,
 } from "./shared.js";
 import type {
   MSTeamsAccessTokenProvider,
@@ -86,11 +89,22 @@ async function fetchWithAuthFallback(params: {
   url: string;
   tokenProvider?: MSTeamsAccessTokenProvider;
   fetchFn?: typeof fetch;
+  requestInit?: RequestInit;
   allowHosts: string[];
   authAllowHosts: string[];
+  resolveFn?: (hostname: string) => Promise<{ address: string }>;
 }): Promise<Response> {
   const fetchFn = params.fetchFn ?? fetch;
-  const firstAttempt = await fetchFn(params.url);
+
+  // Use safeFetch for the initial attempt — redirect: "manual" with
+  // allowlist + DNS/IP validation on every hop (prevents SSRF via redirect).
+  const firstAttempt = await safeFetch({
+    url: params.url,
+    allowHosts: params.allowHosts,
+    fetchFn,
+    requestInit: params.requestInit,
+    resolveFn: params.resolveFn,
+  });
   if (firstAttempt.ok) {
     return firstAttempt;
   }
@@ -108,31 +122,42 @@ async function fetchWithAuthFallback(params: {
   for (const scope of scopes) {
     try {
       const token = await params.tokenProvider.getAccessToken(scope);
-      const res = await fetchFn(params.url, {
-        headers: { Authorization: `Bearer ${token}` },
-        redirect: "manual",
+      const authHeaders = new Headers(params.requestInit?.headers);
+      authHeaders.set("Authorization", `Bearer ${token}`);
+      const authAttempt = await safeFetch({
+        url: params.url,
+        allowHosts: params.allowHosts,
+        fetchFn,
+        requestInit: {
+          ...params.requestInit,
+          headers: authHeaders,
+        },
+        resolveFn: params.resolveFn,
       });
-      if (res.ok) {
-        return res;
+      if (authAttempt.ok) {
+        return authAttempt;
+      }
+      if (authAttempt.status !== 401 && authAttempt.status !== 403) {
+        continue;
+      }
+
+      const finalUrl =
+        typeof authAttempt.url === "string" && authAttempt.url ? authAttempt.url : "";
+      if (!finalUrl || finalUrl === params.url || !isUrlAllowed(finalUrl, params.authAllowHosts)) {
+        continue;
       }
-      const redirectUrl = readRedirectUrl(params.url, res);
-      if (redirectUrl && isUrlAllowed(redirectUrl, params.allowHosts)) {
-        const redirectRes = await fetchFn(redirectUrl);
-        if (redirectRes.ok) {
-          return redirectRes;
-        }
-        if (
-          (redirectRes.status === 401 || redirectRes.status === 403) &&
-          isUrlAllowed(redirectUrl, params.authAllowHosts)
-        ) {
-          const redirectAuthRes = await fetchFn(redirectUrl, {
-            headers: { Authorization: `Bearer ${token}` },
-            redirect: "manual",
-          });
-          if (redirectAuthRes.ok) {
-            return redirectAuthRes;
-          }
-        }
+      const redirectedAuthAttempt = await safeFetch({
+        url: finalUrl,
+        allowHosts: params.allowHosts,
+        fetchFn,
+        requestInit: {
+          ...params.requestInit,
+          headers: authHeaders,
+        },
+        resolveFn: params.resolveFn,
+      });
+      if (redirectedAuthAttempt.ok) {
+        return redirectedAuthAttempt;
       }
     } catch {
       // Try the next scope.
@@ -142,21 +167,6 @@ async function fetchWithAuthFallback(params: {
   return firstAttempt;
 }
 
-function readRedirectUrl(baseUrl: string, res: Response): string | null {
-  if (![301, 302, 303, 307, 308].includes(res.status)) {
-    return null;
-  }
-  const location = res.headers.get("location");
-  if (!location) {
-    return null;
-  }
-  try {
-    return new URL(location, baseUrl).toString();
-  } catch {
-    return null;
-  }
-}
-
 /**
  * Download all file attachments from a Teams message (images, documents, etc.).
  * Renamed from downloadMSTeamsImageAttachments to support all file types.
@@ -170,6 +180,8 @@ export async function downloadMSTeamsAttachments(params: {
   fetchFn?: typeof fetch;
   /** When true, embeds original filename in stored path for later extraction. */
   preserveFilenames?: boolean;
+  /** Override DNS resolver for testing (anti-SSRF IP validation). */
+  resolveFn?: (hostname: string) => Promise<{ address: string }>;
 }): Promise<MSTeamsInboundMedia[]> {
   const list = Array.isArray(params.attachments) ? params.attachments : [];
   if (list.length === 0) {
@@ -238,38 +250,25 @@ export async function downloadMSTeamsAttachments(params: {
       continue;
     }
     try {
-      const res = await fetchWithAuthFallback({
+      const media = await downloadAndStoreMSTeamsRemoteMedia({
         url: candidate.url,
-        tokenProvider: params.tokenProvider,
-        fetchFn: params.fetchFn,
-        allowHosts,
-        authAllowHosts,
-      });
-      if (!res.ok) {
-        continue;
-      }
-      const buffer = Buffer.from(await res.arrayBuffer());
-      if (buffer.byteLength > params.maxBytes) {
-        continue;
-      }
-      const mime = await getMSTeamsRuntime().media.detectMime({
-        buffer,
-        headerMime: res.headers.get("content-type"),
-        filePath: candidate.fileHint ?? candidate.url,
-      });
-      const originalFilename = params.preserveFilenames ? candidate.fileHint : undefined;
-      const saved = await getMSTeamsRuntime().channel.media.saveMediaBuffer(
-        buffer,
-        mime ?? candidate.contentTypeHint,
-        "inbound",
-        params.maxBytes,
-        originalFilename,
-      );
-      out.push({
-        path: saved.path,
-        contentType: saved.contentType,
+        filePathHint: candidate.fileHint ?? candidate.url,
+        maxBytes: params.maxBytes,
+        contentTypeHint: candidate.contentTypeHint,
         placeholder: candidate.placeholder,
+        preserveFilenames: params.preserveFilenames,
+        fetchImpl: (input, init) =>
+          fetchWithAuthFallback({
+            url: resolveRequestUrl(input),
+            tokenProvider: params.tokenProvider,
+            fetchFn: params.fetchFn,
+            requestInit: init,
+            allowHosts,
+            authAllowHosts,
+            resolveFn: params.resolveFn,
+          }),
       });
+      out.push(media);
     } catch {
       // Ignore download failures and continue with next candidate.
     }

package/src/attachments/graph.ts

@@ -1,11 +1,15 @@
 import { getMSTeamsRuntime } from "../runtime.js";
 import { downloadMSTeamsAttachments } from "./download.js";
+import { downloadAndStoreMSTeamsRemoteMedia } from "./remote-media.js";
 import {
   GRAPH_ROOT,
   inferPlaceholder,
   isRecord,
+  isUrlAllowed,
   normalizeContentType,
+  resolveRequestUrl,
   resolveAllowedHosts,
+  safeFetch,
 } from "./shared.js";
 import type {
   MSTeamsAccessTokenProvider,
@@ -262,38 +266,35 @@ export async function downloadMSTeamsGraphMedia(params: {
         try {
           // SharePoint URLs need to be accessed via Graph shares API
           const shareUrl = att.contentUrl!;
+          if (!isUrlAllowed(shareUrl, allowHosts)) {
+            continue;
+          }
           const encodedUrl = Buffer.from(shareUrl).toString("base64url");
           const sharesUrl = `${GRAPH_ROOT}/shares/u!${encodedUrl}/driveItem/content`;
 
-          const spRes = await fetchFn(sharesUrl, {
-            headers: { Authorization: `Bearer ${accessToken}` },
-            redirect: "follow",
-          });
-
-          if (spRes.ok) {
-            const buffer = Buffer.from(await spRes.arrayBuffer());
-            if (buffer.byteLength <= params.maxBytes) {
-              const mime = await getMSTeamsRuntime().media.detectMime({
-                buffer,
-                headerMime: spRes.headers.get("content-type") ?? undefined,
-                filePath: name,
+          const media = await downloadAndStoreMSTeamsRemoteMedia({
+            url: sharesUrl,
+            filePathHint: name,
+            maxBytes: params.maxBytes,
+            contentTypeHint: "application/octet-stream",
+            preserveFilenames: params.preserveFilenames,
+            fetchImpl: async (input, init) => {
+              const requestUrl = resolveRequestUrl(input);
+              const headers = new Headers(init?.headers);
+              headers.set("Authorization", `Bearer ${accessToken}`);
+              return await safeFetch({
+                url: requestUrl,
+                allowHosts,
+                fetchFn,
+                requestInit: {
+                  ...init,
+                  headers,
+                },
               });
-              const originalFilename = params.preserveFilenames ? name : undefined;
-              const saved = await getMSTeamsRuntime().channel.media.saveMediaBuffer(
-                buffer,
-                mime ?? "application/octet-stream",
-                "inbound",
-                params.maxBytes,
-                originalFilename,
-              );
-              sharePointMedia.push({
-                path: saved.path,
-                contentType: saved.contentType,
-                placeholder: inferPlaceholder({ contentType: saved.contentType, fileName: name }),
-              });
-              downloadedReferenceUrls.add(shareUrl);
-            }
-          }
+            },
+          });
+          sharePointMedia.push(media);
+          downloadedReferenceUrls.add(shareUrl);
         } catch {
           // Ignore SharePoint download failures.
         }

package/src/attachments/remote-media.ts

@@ -0,0 +1,42 @@
+import { getMSTeamsRuntime } from "../runtime.js";
+import { inferPlaceholder } from "./shared.js";
+import type { MSTeamsInboundMedia } from "./types.js";
+
+type FetchLike = (input: RequestInfo | URL, init?: RequestInit) => Promise<Response>;
+
+export async function downloadAndStoreMSTeamsRemoteMedia(params: {
+  url: string;
+  filePathHint: string;
+  maxBytes: number;
+  fetchImpl?: FetchLike;
+  contentTypeHint?: string;
+  placeholder?: string;
+  preserveFilenames?: boolean;
+}): Promise<MSTeamsInboundMedia> {
+  const fetched = await getMSTeamsRuntime().channel.media.fetchRemoteMedia({
+    url: params.url,
+    fetchImpl: params.fetchImpl,
+    filePathHint: params.filePathHint,
+    maxBytes: params.maxBytes,
+  });
+  const mime = await getMSTeamsRuntime().media.detectMime({
+    buffer: fetched.buffer,
+    headerMime: fetched.contentType ?? params.contentTypeHint,
+    filePath: params.filePathHint,
+  });
+  const originalFilename = params.preserveFilenames ? params.filePathHint : undefined;
+  const saved = await getMSTeamsRuntime().channel.media.saveMediaBuffer(
+    fetched.buffer,
+    mime ?? params.contentTypeHint,
+    "inbound",
+    params.maxBytes,
+    originalFilename,
+  );
+  return {
+    path: saved.path,
+    contentType: saved.contentType,
+    placeholder:
+      params.placeholder ??
+      inferPlaceholder({ contentType: saved.contentType, fileName: params.filePathHint }),
+  };
+}

package/src/attachments/shared.test.ts

@@ -0,0 +1,279 @@
+import { describe, expect, it, vi } from "vitest";
+import { isPrivateOrReservedIP, resolveAndValidateIP, safeFetch } from "./shared.js";
+
+// ─── Helpers ─────────────────────────────────────────────────────────────────
+
+const publicResolve = async () => ({ address: "13.107.136.10" });
+const privateResolve = (ip: string) => async () => ({ address: ip });
+const failingResolve = async () => {
+  throw new Error("DNS failure");
+};
+
+function mockFetchWithRedirect(redirectMap: Record<string, string>, finalBody = "ok") {
+  return vi.fn(async (url: string, init?: RequestInit) => {
+    const target = redirectMap[url];
+    if (target && init?.redirect === "manual") {
+      return new Response(null, {
+        status: 302,
+        headers: { location: target },
+      });
+    }
+    return new Response(finalBody, { status: 200 });
+  });
+}
+
+// ─── isPrivateOrReservedIP ───────────────────────────────────────────────────
+
+describe("isPrivateOrReservedIP", () => {
+  it.each([
+    ["10.0.0.1", true],
+    ["10.255.255.255", true],
+    ["172.16.0.1", true],
+    ["172.31.255.255", true],
+    ["172.15.0.1", false],
+    ["172.32.0.1", false],
+    ["192.168.0.1", true],
+    ["192.168.255.255", true],
+    ["127.0.0.1", true],
+    ["127.255.255.255", true],
+    ["169.254.0.1", true],
+    ["169.254.169.254", true],
+    ["0.0.0.0", true],
+    ["8.8.8.8", false],
+    ["13.107.136.10", false],
+    ["52.96.0.1", false],
+  ] as const)("IPv4 %s → %s", (ip, expected) => {
+    expect(isPrivateOrReservedIP(ip)).toBe(expected);
+  });
+
+  it.each([
+    ["::1", true],
+    ["::", true],
+    ["fe80::1", true],
+    ["fc00::1", true],
+    ["fd12:3456::1", true],
+    ["2001:0db8::1", false],
+    ["2620:1ec:c11::200", false],
+    // IPv4-mapped IPv6 addresses
+    ["::ffff:127.0.0.1", true],
+    ["::ffff:10.0.0.1", true],
+    ["::ffff:192.168.1.1", true],
+    ["::ffff:169.254.169.254", true],
+    ["::ffff:8.8.8.8", false],
+    ["::ffff:13.107.136.10", false],
+  ] as const)("IPv6 %s → %s", (ip, expected) => {
+    expect(isPrivateOrReservedIP(ip)).toBe(expected);
+  });
+
+  it.each([
+    ["999.999.999.999", true],
+    ["256.0.0.1", true],
+    ["10.0.0.256", true],
+    ["-1.0.0.1", false],
+    ["1.2.3.4.5", false],
+    ["0:0:0:0:0:0:0:1", true],
+  ] as const)("malformed/expanded %s → %s (SDK fails closed)", (ip, expected) => {
+    expect(isPrivateOrReservedIP(ip)).toBe(expected);
+  });
+});
+
+// ─── resolveAndValidateIP ────────────────────────────────────────────────────
+
+describe("resolveAndValidateIP", () => {
+  it("accepts a hostname resolving to a public IP", async () => {
+    const ip = await resolveAndValidateIP("teams.sharepoint.com", publicResolve);
+    expect(ip).toBe("13.107.136.10");
+  });
+
+  it("rejects a hostname resolving to 10.x.x.x", async () => {
+    await expect(resolveAndValidateIP("evil.test", privateResolve("10.0.0.1"))).rejects.toThrow(
+      "private/reserved IP",
+    );
+  });
+
+  it("rejects a hostname resolving to 169.254.169.254", async () => {
+    await expect(
+      resolveAndValidateIP("evil.test", privateResolve("169.254.169.254")),
+    ).rejects.toThrow("private/reserved IP");
+  });
+
+  it("rejects a hostname resolving to loopback", async () => {
+    await expect(resolveAndValidateIP("evil.test", privateResolve("127.0.0.1"))).rejects.toThrow(
+      "private/reserved IP",
+    );
+  });
+
+  it("rejects a hostname resolving to IPv6 loopback", async () => {
+    await expect(resolveAndValidateIP("evil.test", privateResolve("::1"))).rejects.toThrow(
+      "private/reserved IP",
+    );
+  });
+
+  it("throws on DNS resolution failure", async () => {
+    await expect(resolveAndValidateIP("nonexistent.test", failingResolve)).rejects.toThrow(
+      "DNS resolution failed",
+    );
+  });
+});
+
+// ─── safeFetch ───────────────────────────────────────────────────────────────
+
+describe("safeFetch", () => {
+  it("fetches a URL directly when no redirect occurs", async () => {
+    const fetchMock = vi.fn<typeof fetch>(async () => new Response("ok", { status: 200 }));
+    const res = await safeFetch({
+      url: "https://teams.sharepoint.com/file.pdf",
+      allowHosts: ["sharepoint.com"],
+      fetchFn: fetchMock,
+      resolveFn: publicResolve,
+    });
+    expect(res.status).toBe(200);
+    expect(fetchMock).toHaveBeenCalledOnce();
+    // Should have used redirect: "manual"
+    expect(fetchMock.mock.calls[0][1]).toHaveProperty("redirect", "manual");
+  });
+
+  it("follows a redirect to an allowlisted host with public IP", async () => {
+    const fetchMock = mockFetchWithRedirect({
+      "https://teams.sharepoint.com/file.pdf": "https://cdn.sharepoint.com/storage/file.pdf",
+    });
+    const res = await safeFetch({
+      url: "https://teams.sharepoint.com/file.pdf",
+      allowHosts: ["sharepoint.com"],
+      fetchFn: fetchMock as unknown as typeof fetch,
+      resolveFn: publicResolve,
+    });
+    expect(res.status).toBe(200);
+    expect(fetchMock).toHaveBeenCalledTimes(2);
+  });
+
+  it("blocks a redirect to a non-allowlisted host", async () => {
+    const fetchMock = mockFetchWithRedirect({
+      "https://teams.sharepoint.com/file.pdf": "https://evil.example.com/steal",
+    });
+    await expect(
+      safeFetch({
+        url: "https://teams.sharepoint.com/file.pdf",
+        allowHosts: ["sharepoint.com"],
+        fetchFn: fetchMock as unknown as typeof fetch,
+        resolveFn: publicResolve,
+      }),
+    ).rejects.toThrow("blocked by allowlist");
+    // Should not have fetched the evil URL
+    expect(fetchMock).toHaveBeenCalledTimes(1);
+  });
+
+  it("blocks a redirect to an allowlisted host that resolves to a private IP (DNS rebinding)", async () => {
+    let callCount = 0;
+    const rebindingResolve = async () => {
+      callCount++;
+      // First call (initial URL) resolves to public IP
+      if (callCount === 1) return { address: "13.107.136.10" };
+      // Second call (redirect target) resolves to private IP
+      return { address: "169.254.169.254" };
+    };
+
+    const fetchMock = mockFetchWithRedirect({
+      "https://teams.sharepoint.com/file.pdf": "https://evil.trafficmanager.net/metadata",
+    });
+    await expect(
+      safeFetch({
+        url: "https://teams.sharepoint.com/file.pdf",
+        allowHosts: ["sharepoint.com", "trafficmanager.net"],
+        fetchFn: fetchMock as unknown as typeof fetch,
+        resolveFn: rebindingResolve,
+      }),
+    ).rejects.toThrow("private/reserved IP");
+    expect(fetchMock).toHaveBeenCalledTimes(1);
+  });
+
+  it("blocks when the initial URL resolves to a private IP", async () => {
+    const fetchMock = vi.fn();
+    await expect(
+      safeFetch({
+        url: "https://evil.sharepoint.com/file.pdf",
+        allowHosts: ["sharepoint.com"],
+        fetchFn: fetchMock as unknown as typeof fetch,
+        resolveFn: privateResolve("10.0.0.1"),
+      }),
+    ).rejects.toThrow("Initial download URL blocked");
+    expect(fetchMock).not.toHaveBeenCalled();
+  });
+
+  it("blocks when initial URL DNS resolution fails", async () => {
+    const fetchMock = vi.fn();
+    await expect(
+      safeFetch({
+        url: "https://nonexistent.sharepoint.com/file.pdf",
+        allowHosts: ["sharepoint.com"],
+        fetchFn: fetchMock as unknown as typeof fetch,
+        resolveFn: failingResolve,
+      }),
+    ).rejects.toThrow("Initial download URL blocked");
+    expect(fetchMock).not.toHaveBeenCalled();
+  });
+
+  it("follows multiple redirects when all are valid", async () => {
+    const fetchMock = vi.fn(async (url: string, init?: RequestInit) => {
+      if (url === "https://a.sharepoint.com/1" && init?.redirect === "manual") {
+        return new Response(null, {
+          status: 302,
+          headers: { location: "https://b.sharepoint.com/2" },
+        });
+      }
+      if (url === "https://b.sharepoint.com/2" && init?.redirect === "manual") {
+        return new Response(null, {
+          status: 302,
+          headers: { location: "https://c.sharepoint.com/3" },
+        });
+      }
+      return new Response("final", { status: 200 });
+    });
+
+    const res = await safeFetch({
+      url: "https://a.sharepoint.com/1",
+      allowHosts: ["sharepoint.com"],
+      fetchFn: fetchMock as unknown as typeof fetch,
+      resolveFn: publicResolve,
+    });
+    expect(res.status).toBe(200);
+    expect(fetchMock).toHaveBeenCalledTimes(3);
+  });
+
+  it("throws on too many redirects", async () => {
+    let counter = 0;
+    const fetchMock = vi.fn(async (_url: string, init?: RequestInit) => {
+      if (init?.redirect === "manual") {
+        counter++;
+        return new Response(null, {
+          status: 302,
+          headers: { location: `https://loop${counter}.sharepoint.com/x` },
+        });
+      }
+      return new Response("ok", { status: 200 });
+    });
+
+    await expect(
+      safeFetch({
+        url: "https://start.sharepoint.com/x",
+        allowHosts: ["sharepoint.com"],
+        fetchFn: fetchMock as unknown as typeof fetch,
+        resolveFn: publicResolve,
+      }),
+    ).rejects.toThrow("Too many redirects");
+  });
+
+  it("blocks redirect to HTTP (non-HTTPS)", async () => {
+    const fetchMock = mockFetchWithRedirect({
+      "https://teams.sharepoint.com/file": "http://internal.sharepoint.com/file",
+    });
+    await expect(
+      safeFetch({
+        url: "https://teams.sharepoint.com/file",
+        allowHosts: ["sharepoint.com"],
+        fetchFn: fetchMock as unknown as typeof fetch,
+        resolveFn: publicResolve,
+      }),
+    ).rejects.toThrow("blocked by allowlist");
+  });
+});