Package org.springframework.ai.bedrock.converse.api

Class MediaFetcher

java.lang.Object

org.springframework.ai.bedrock.converse.api.MediaFetcher

public final class MediaFetcher
extends Object

Fetches media content from HTTP/HTTPS URLs with SSRF and resource-exhaustion protections.

Protection measures:

• Socket-level blocking via MediaFetcher.SsrfBlockingPlainSocketFactory and MediaFetcher.SsrfBlockingSSLSocketFactory: the resolved InetAddress is checked at connectSocket() time — after DNS resolution — so raw IP literals (e.g. 127.0.0.1, 169.254.169.254) are blocked even when no DNS lookup occurs.
• DNS-level blocking via MediaFetcher.SsrfSafeDnsResolver: hostnames that resolve to internal addresses are rejected early, before a connection attempt is made. This provides a fast-fail path for hostname-based requests and limits DNS rebinding exposure.
• HTTP redirects are disabled to prevent redirect chains that lead to internal addresses.
• Connect and socket timeouts prevent slow-server resource exhaustion.
• Response bodies are capped at 41943040 bytes to prevent memory exhaustion.

Since:

1.0.0

Author:

Christian Tzolov

Field Summary

Fields

Modifier and Type	Field	Description
static final int	DEFAULT_MAX_FETCH_SIZE_BYTES	Maximum number of bytes fetched from a media URL.

Constructor Summary

Constructors

Constructor	Description
MediaFetcher()	Creates a MediaFetcher with no host allowlist (blocklist-only protection).
MediaFetcher(Set<String> allowedHosts)	Creates a MediaFetcher with an optional host allowlist.

Method Summary

Modifier and Type	Method	Description
byte[]	fetch(URI uri)	Fetches the content at uri and returns it as a byte array.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

DEFAULT_MAX_FETCH_SIZE_BYTES

public static final int DEFAULT_MAX_FETCH_SIZE_BYTES

Maximum number of bytes fetched from a media URL. Protects against memory exhaustion when a user-supplied URL points to arbitrarily large content (40 MB).

See Also:

• Constant Field Values

Constructor Details

MediaFetcher

public MediaFetcher()

Creates a MediaFetcher with no host allowlist (blocklist-only protection).

MediaFetcher

public MediaFetcher(Set<String> allowedHosts)

Creates a MediaFetcher with an optional host allowlist.

When allowedHosts is non-empty, every fetch is checked against this set before the SSRF blocklist. A host is allowed when it either equals an entry exactly (case-insensitive) or matches a wildcard entry of the form *.example.com.

Parameters:

allowedHosts - set of permitted hostnames or wildcard patterns; an empty set disables allowlist enforcement

Method Details

fetch

public byte[] fetch(URI uri)

Fetches the content at uri and returns it as a byte array.

The caller is responsible for validating the URI (protocol, host) before invoking this method. This method enforces size limits and socket-level SSRF protection.

Parameters:

uri - the URI to fetch

Returns:

the response body as a byte array

Throws:

SecurityException - if the response exceeds DEFAULT_MAX_FETCH_SIZE_BYTES or the host resolves to a blocked internal address

org.springframework.web.client.RestClientException - on HTTP or I/O errors