Skip to content

Commit d82335b

Browse files
committed
fix(providers): use URL.hostname match for Gemini detection (#175 follow-up)
Signed-off-by: hqhq1025 <1506751656@qq.com>
1 parent 0123937 commit d82335b

2 files changed

Lines changed: 33 additions & 1 deletion

File tree

packages/providers/src/gemini-compat.test.ts

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,30 @@ describe('isGeminiOpenAICompat', () => {
1515
it('returns false when baseUrl is undefined', () => {
1616
expect(isGeminiOpenAICompat(undefined)).toBe(false);
1717
});
18+
19+
it('returns false when baseUrl is empty', () => {
20+
expect(isGeminiOpenAICompat('')).toBe(false);
21+
});
22+
23+
it('returns false when baseUrl is not a parseable URL', () => {
24+
expect(isGeminiOpenAICompat('not a url')).toBe(false);
25+
});
26+
27+
it('rejects spoofed URLs with Gemini host in query string', () => {
28+
expect(
29+
isGeminiOpenAICompat('https://attacker.com/?x=generativelanguage.googleapis.com/v1'),
30+
).toBe(false);
31+
});
32+
33+
it('rejects spoofed URLs with Gemini host as subdomain suffix of attacker domain', () => {
34+
expect(isGeminiOpenAICompat('https://generativelanguage.googleapis.com.evil.com/v1')).toBe(
35+
false,
36+
);
37+
});
38+
39+
it('rejects spoofed URLs with Gemini host hyphenated into attacker domain', () => {
40+
expect(isGeminiOpenAICompat('https://generativelanguage-googleapis-com.evil.com')).toBe(false);
41+
});
1842
});
1943

2044
describe('normalizeGeminiModelId', () => {

packages/providers/src/gemini-compat.ts

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,15 @@
99

1010
export function isGeminiOpenAICompat(baseUrl: string | undefined): boolean {
1111
if (!baseUrl) return false;
12-
return baseUrl.includes('generativelanguage.googleapis.com');
12+
try {
13+
const { hostname } = new URL(baseUrl);
14+
return (
15+
hostname === 'generativelanguage.googleapis.com' ||
16+
hostname.endsWith('.generativelanguage.googleapis.com')
17+
);
18+
} catch {
19+
return false;
20+
}
1321
}
1422

1523
export function normalizeGeminiModelId(modelId: string, baseUrl: string | undefined): string {

0 commit comments

Comments
 (0)