.Net: Harden gRPC plugin address handling#13961
Conversation
Add GrpcFunctionExecutionParameters for developer-controlled address configuration. Add address validation with scheme and allowlist checks. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR hardens the .NET gRPC plugin’s address handling by removing LLM-controlled address overrides and introducing developer-controlled execution parameters for channel configuration, including scheme restrictions and an address allowlist for SSRF mitigation.
Changes:
- Introduced
GrpcFunctionExecutionParametersto allow developer-suppliedHttpClient, optional address override, allowed base addresses, and allowed schemes. - Updated
GrpcOperationRunnerto ignoreaddresspassed viaKernelArgumentsand to validate the effective address (scheme + allowlist). - Updated unit tests and removed the
addressparameter from gRPC operation parameter metadata.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| dotnet/src/Functions/Functions.UnitTests/Grpc/GrpcRunnerTests.cs | Updates/extends tests for the new address override + allowlist + scheme validation behavior. |
| dotnet/src/Functions/Functions.UnitTests/Grpc/Extensions/GrpcOperationExtensionsTests.cs | Verifies the gRPC operation no longer exposes an address parameter. |
| dotnet/src/Functions/Functions.Grpc/Model/GrpcOperation.cs | Removes the address argument constant and stops advertising address as an operation parameter. |
| dotnet/src/Functions/Functions.Grpc/GrpcOperationRunner.cs | Implements developer-controlled address override and adds scheme/allowlist validation. |
| dotnet/src/Functions/Functions.Grpc/Extensions/GrpcKernelExtensions.cs | Plumbs execution parameters through public extension methods and configures the runner accordingly. |
| dotnet/src/Functions/Functions.Grpc/Extensions/GrpcFunctionExecutionParameters.cs | Adds a new public execution-parameters type for developer-controlled configuration. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Automated Code Review
Reviewers: 3 | Confidence: 90%
✓ Security Reliability
This PR is a well-designed security hardening that removes the LLM-controllable 'address' parameter from gRPC operations (preventing SSRF), adds scheme validation defaulting to HTTPS-only, and provides an optional allowlist for defense-in-depth. The validation logic in GetAddress correctly uses Uri.TryCreate for normalization before comparing, handles path-boundary attacks, and the constructor properly defaults to HTTPS when no schemes are specified. The removal of AddressArgumentName from both the model and parameter registration cleanly eliminates the attack surface. No blocking security or reliability issues found.
✓ Test Coverage
The PR adds comprehensive test coverage for the new gRPC address hardening features including allowlist validation, scheme rejection, path-boundary prefix checks, and address override validation. However, there is one notable coverage gap: no test verifies that configuring custom
AllowedSchemes(e.g., permittinghttpfor local development) actually succeds. All scheme-related tests only verify the rejection path (default https-only), leaving the positive custom-scheme path untested.
✗ Design Approach
The address-hardening logic looks sound overall, but the new execution-parameter plumbing introduces one design regression: a caller-suplied
HttpClientis still wrapped inusingduring plugin creation, so the new API disposes the developer-owned client immediately after import and leaves the returned plugin holding a dead runner.
Flagged Issues
-
GrpcKernelExtensions.cs:174acceptsexecutionParameters?.HttpClientbut binds it tousing var client, disposing the caller-owned HttpClient as soon as plugin creation returns. The plugin'sGrpcOperationRunnerretains this client for later invocation, so any subsequent function call will use a disposed instance. The repo's OpenAPI analogue explicitly avoids this pattern (seeFunctions.OpenApi/Extensions/OpenApiKernelExtensions.cs:122-124, 161-163, 204-206). Remove theusingdeclaration for externally-provided clients.
Automated review by SergeyMenshykh's agents
Fix HttpClient disposal for externally-provided clients. Fix allowlist boundary check for trailing-slash base URIs. Add tests for custom schemes and sub-path allowlist matching. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Description
Add developer-controlled address configuration and validation for the gRPC plugin.
Motivation and Context
The gRPC plugin now supports
GrpcFunctionExecutionParametersfor configuring address handling, including an optional address override, allowed base addresses, and scheme restrictions.Changes
GrpcFunctionExecutionParametersclass for developer-controlled gRPC channel configurationGrpcOperationRunnerGrpcKernelExtensionsType of change