# SafeURL for Python
### Ported by [@nicolasrod](https://github.com/nicolasrod) and docs by [@momopranto](https://github.com/momopranto)

## Overview
SafeURL is a library that aids developers in protecting against a class of vulnerabilities known as [Server Side Request Forgery](http://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/). It does this by validating each part of the URL against a configurable white or black list before making an HTTP request. SafeURL is open-source and licensed under MIT.

## Installation
Clone this repository and import it into your project.

## Implementation
SafeURL serves as a replacement wrapper for [PyCurl](http://pycurl.io/) in Python.

```python
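import sys

import safeurl

try:
    # User-controlled input (`request` is the web framework's request object)
    url = request.args['url']
    su = safeurl.SafeURL()
    # Execute using SafeURL
    res = su.execute(url)
except Exception:
    # URL wasn't safe
    print("Unexpected error: {}".format(sys.exc_info()))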
```

## Configuration
Options such as white and black lists can be modified. For example:

```python
import sys

import safeurl

try:
    su = safeurl.SafeURL()
    # Create an options object
    opt = safeurl.Options()
    opt.clearList("whitelist")
    opt.clearList("blacklist")
    # Allow requests to specific domains
    opt.setList("whitelist", ["google.com", "youtube.com"], "domain")
    # Restrict URLs with the ftp scheme
    opt.setList("blacklist", ["ftp"], "scheme")

    su.setOptions(opt)
    res = su.execute("http://www.youtube.com")
except Exception:
    print("Unexpected error: {}".format(sys.exc_info()))
```
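
The per-part check described in the Overview can be sketched with the standard library alone. This is an added example, not SafeURL's own code: `check_url`, `domain_allowed` and the policy constants are hypothetical names, and it goes one step beyond the lists configured above by also rejecting hosts that resolve to non-public addresses.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical policy mirroring the lists in the Configuration example.
ALLOW_DOMAINS = {"google.com", "youtube.com"}
ALLOW_SCHEMES = {"http", "https"}
DENY_SCHEMES = {"ftp"}


def _resolve(host):
    """Return every IP address the host name resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def domain_allowed(host, allowed=ALLOW_DOMAINS):
    """Accept the listed domain or a true subdomain, never a bare suffix."""
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in allowed)


def check_url(url, resolve=_resolve):
    """Return (ok, reason). Every part must pass before a request is sent."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False, "parse"
    scheme = parts.scheme.lower()
    if scheme in DENY_SCHEMES or scheme not in ALLOW_SCHEMES:
        return False, "scheme"
    if parts.username is not None or parts.password is not None:
        return False, "credentials"  # user@host defeats naive host checks
    if not host or not domain_allowed(host):
        return False, "domain"
    try:
        addrs = resolve(host)
    except OSError:  # socket.gaierror is a subclass of OSError
        addrs = set()
    if not addrs:
        return False, "dns"
    for addr in addrs:
        # Drop any IPv6 zone id ("fe80::1%eth0") before parsing.
        if not ipaddress.ip_address(addr.split("%")[0]).is_global:
            return False, "ip"  # private, loopback, link-local, reserved
    return True, "ok"
```

The result only holds if the HTTP client then connects to the addresses that were checked and re-runs the check on every redirect; a second DNS lookup at request time can return a different address.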

## Release History

1.0

## Download Files

| Filename | Size | File Type | Python Version | Upload Date |
|---|---|---|---|---|
| safeurl-python-1.0.cygwin-1.7.35-i686.exe | 57.4 kB | Windows Installer | any | Aug 22, 2016 |
| safeurl-python-1.0.tar.gz | 1.4 kB | Source | None | Aug 22, 2016 |
