# SafeURL for Python
### Ported by [@nicolasrod](https://github.com/nicolasrod) and docs by [@momopranto](https://github.com/momopranto)
## Overview
SafeURL is a library that aids developers in protecting against a class of vulnerabilities known as [Server Side Request Forgery](http://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/). It does this by validating each part of the URL against a configurable white or black list before making an HTTP request. SafeURL is open-source and licensed under MIT.
## Installation
Clone this repository and import it into your project.
## Implementation
SafeURL serves as a replacement wrapper for [PyCurl](http://pycurl.io/) in Python.
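```python
import sys

import safeurl

try:
    # User-controlled input; `request` is the web framework's request object
    url = request.args['url']
    su = safeurl.SafeURL()
    # Execute the request through SafeURL
    res = su.execute(url)
except Exception:
    # URL wasn't safe
    print("Unexpected error: %s" % (sys.exc_info(),))
```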
## Configuration
Options such as white and black lists can be modified. For example:
```python
import sys

import safeurl

try:
    su = safeurl.SafeURL()
    # Create an options object
    opt = safeurl.Options()
    opt.clearList("whitelist")
    opt.clearList("blacklist")
    # Allow requests to specific domains
    opt.setList("whitelist", ["google.com", "youtube.com"], "domain")
    # Restrict URLs with the ftp scheme
    opt.setList("blacklist", ["ftp"], "scheme")
    su.setOptions(opt)
    res = su.execute("http://www.youtube.com")
except Exception:
    print("Unexpected error: %s" % (sys.exc_info(),))
```
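To make the list semantics concrete, the following added sketch (not SafeURL's code or API) applies the same lists as the configuration above, a domain whitelist of google.com and youtube.com and a scheme blacklist of ftp, to a few constructed URLs. `check_url`, `POLICY` and the matching rules (blacklist checked first, an empty whitelist means unrestricted, a domain entry also covers its subdomains) are assumptions made for this example; SafeURL's own matching may differ.

```python
from urllib.parse import urlsplit

# Hypothetical policy mirroring the configuration above (not SafeURL's API).
POLICY = {
    "whitelist": {"domain": ["google.com", "youtube.com"], "scheme": []},
    "blacklist": {"domain": [], "scheme": ["ftp"]},
}

def domain_matches(host, entry):
    # Assumption: an entry covers the host itself and its subdomains, compared
    # on a label boundary so "youtube.com.example.net" does not match.
    return host == entry or host.endswith("." + entry)

def exact_match(value, entry):
    return value == entry

def check_url(url, policy=POLICY):
    """Return (allowed, reason) for url under the white and black lists."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "unparseable URL"
    scheme = parts.scheme.lower()
    if not scheme or not host:
        return False, "missing scheme or host"
    # Check the parsed components, never substrings of the raw URL.
    for kind, value, match in (("scheme", scheme, exact_match),
                               ("domain", host, domain_matches)):
        if any(match(value, e) for e in policy["blacklist"][kind]):
            return False, kind + " is blacklisted"
        white = policy["whitelist"][kind]
        # Assumption: an empty whitelist places no restriction on that part.
        if white and not any(match(value, e) for e in white):
            return False, kind + " is not whitelisted"
    return True, "ok"

# Constructed sample inputs, not taken from the page.
SAMPLES = [
    "http://www.youtube.com",
    "ftp://youtube.com/file",
    "http://youtube.com.example.net/",
    "http://youtube.com@example.net/",
    "http://example.net/?next=youtube.com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_url(sample))
```

This sketch covers only the scheme and domain lists; it does not resolve the host or make the request, so it is an illustration of the list logic rather than a substitute for the library.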