SafeURL is a library that aids developers in protecting against a class of vulnerabilities known as Server Side Request Forgery.
Project description
SafeURL for Python
Ported by @nicolasrod and docs by @momopranto
Overview
SafeURL is a library that aids developers in protecting against a class of vulnerabilities known as Server Side Request Forgery (SSRF). It does this by validating each part of the URL against a configurable white or black list before making an HTTP request. SafeURL is open-source and licensed under MIT.
Note that for mitigating SSRF vulnerabilities, we first recommend routing outbound requests from your infrastructure through a proxy such as Smokescreen. Alternately, ensure that all services which can make outbound requests to potentially user-controlled URLs are firewalled from talking to other internal hosts. Application-layer defences such as this library should only be used if those options are not practical. Please see our blog post for further information.
Installation
Clone this repository and import it into your project.
Implementation
SafeURL serves as a replacement wrapper for PyCurl in Python.
try:
#User controlled input
url = request.args['url']
su = safeurl.SafeURL()
#Execute using SafeURL
res = su.execute(url)
except:
print "Unexpected error:", sys.exc_info()
#URL wasn't safe
Configuration
Options such as white and black lists can be modified. For example:
try:
su = safeurl.SafeURL()
#Create an options object
opt = safeurl.Options()
opt.clearList("whitelist")
opt.clearList("blacklist")
#Allow requests to specific domains
opt.setList("whitelist", ["google.com", "youtube.com"], "domain")
#Restrict urls with the ftp scheme
opt.setList("blacklist",["ftp"],"scheme")
su.setOptions(opt)
res = su.execute("http://www.youtube.com")
except:
print "Unexpected error:", sys.exc_info()
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for SafeURL_Python-1.3-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 0133093f405a404f6d5a18c2d04b3a29e02d7824e1749fe8d73a1ab4b67b30d3 |
|
MD5 | 47aa1c8f4240e73f44f693cdf5e5d2c9 |
|
BLAKE2b-256 | ac7d0a2f9c68c15befcdf9ee2ec2d0485c03d0e9a401669f766b68246f4ca1f1 |