SafeURL for Python
Ported by @nicolasrod and docs by @momopranto
Overview
SafeURL is a library that aids developers in protecting against a class of vulnerabilities known as Server Side Request Forgery. It does this by validating each part of the URL against a configurable white or black list before making an HTTP request. SafeURL is open-source and licensed under MIT.
Installation
Clone this repository and import it into your project.
Implementation
SafeURL serves as a replacement wrapper for PyCurl in Python.
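    import sys
    import safeurl

    try:
        # User-controlled input (request is the web framework's request object)
        url = request.args['url']
        su = safeurl.SafeURL()
        # Execute the request through SafeURL
        res = su.execute(url)
    except Exception:
        # URL wasn't safe
        print("Unexpected error:", sys.exc_info())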
Configuration
Options such as white and black lists can be modified. For example:
    import sys
    import safeurl

    try:
        su = safeurl.SafeURL()
        # Create an options object
        opt = safeurl.Options()
        opt.clearList("whitelist")
        opt.clearList("blacklist")
        # Allow requests to specific domains
        opt.setList("whitelist", ["google.com", "youtube.com"], "domain")
        # Restrict URLs with the ftp scheme
        opt.setList("blacklist", ["ftp"], "scheme")
        su.setOptions(opt)
        res = su.execute("http://www.youtube.com")
    except Exception:
        print("Unexpected error:", sys.exc_info())
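The per-part check that the Overview describes, sketched for the whitelist and blacklist configured above. This is an added example, not SafeURL's own code: `POLICY`, `host_matches` and `check_url` are hypothetical names, and matching subdomains on a label boundary is this sketch's assumption rather than documented SafeURL behaviour.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed policy mirroring the configuration above (structure is this sketch's own).
POLICY = {
    "whitelist": {"domain": ["google.com", "youtube.com"]},
    "blacklist": {"scheme": ["ftp"]},
}

def host_matches(host, domain):
    # Exact match or subdomain on a label boundary, so "notyoutube.com"
    # and "youtube.com.attacker.example" do not match "youtube.com".
    return host == domain or host.endswith("." + domain)

def check_url(url, policy=POLICY):
    """Return (allowed, reason) after checking scheme and host against the lists."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "unparseable url"
    if parts.scheme.lower() in policy["blacklist"].get("scheme", []):
        return False, "scheme blacklisted"
    if not host:
        return False, "no host"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # not an IP literal, treat as a DNS name
    allowed = policy["whitelist"].get("domain", [])
    if ip is not None:
        # Name internal ranges explicitly; an IP literal never satisfies a domain whitelist.
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            return False, "internal address"
        if allowed:
            return False, "ip literal not whitelisted"
    elif allowed and not any(host_matches(host, d) for d in allowed):
        return False, "domain not whitelisted"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample inputs
    for u in ["http://www.youtube.com", "ftp://youtube.com/f",
              "http://youtube.com.attacker.example/",
              "http://youtube.com@169.254.169.254/"]:
        print(u, check_url(u))
```

This sketch checks only the URL string; a whitelisted name that resolves to an internal address, or a redirect to one, has to be caught at connection time.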
Download files
Source Distribution
SafeURL-Python-1.2.tar.gz
(7.5 kB)
Built Distribution
SafeURL_Python-1.2-py3-none-any.whl