Skip to content
This repository was archived by the owner on Aug 29, 2024. It is now read-only.

FQDN fixes #6

Merged
merged 2 commits into from
Jun 23, 2023
Merged

FQDN fixes #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e04b263
Add FQDN check and README alternatives message
includesec-ltennant Jun 23, 2023
12d48c3
Dedup requirements
includesec-ltennant Jun 23, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,9 @@
### Ported by [@nicolasrod](https://github.com/nicolasrod) and docs by [@momopranto](https://github.com/momopranto)

## Overview
SafeURL is a library that aids developers in protecting against a class of vulnerabilities known as [Server Side Request Forgery](http://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/). It does this by validating each part of the URL against a configurable white or black list before making an HTTP request. SafeURL is open-source and licensed under MIT.
SafeURL is a library that aids developers in protecting against a class of vulnerabilities known as [Server Side Request Forgery (SSRF)](http://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/). It does this by validating each part of the URL against a configurable white or black list before making an HTTP request. SafeURL is open-source and licensed under MIT.

Note that for mitigating SSRF vulnerabilities, we first recommend routing outbound requests from your infrastructure through a proxy such as [Smokescreen](https://github.com/stripe/smokescreen). Alternately, ensure that all services which can make outbound requests to potentially user-controlled URLs are firewalled from talking to other internal hosts. Application-layer defences such as this library should only be used if those options are not practical. Please see [our blog post](https://blog.includesecurity.com/2023/03/mitigating-ssrf-in-2023/) for further information.

## Installation
Clone this repository and import it into your project.
Expand Down
10 changes: 5 additions & 5 deletions pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
[project]
name = "SafeURL-Python"
version="1.2"
version="1.3"
description="SafeURL is a library that aids developers in protecting against a class of vulnerabilities known as Server Side Request Forgery."
readme="README.md"
dependencies = [
"pycurl",
"netaddr"
]
dynamic = ["dependencies"]

[tool.setuptools.dynamic]
dependencies = {file = ["requirements.txt"]}

[project.urls]
"Homepage" = "https://github.com/IncludeSecurity/safeurl-python"
1 change: 1 addition & 0 deletions requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
netaddr
pycurl
2 changes: 1 addition & 1 deletion safeurl/safeurl.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -197,7 +197,7 @@ def isInList(self, lst, type_, value):

if type_ == "domain":
for domain in dst:
if domain.lower() == value.lower():
if domain.lower().strip(".") == value.lower().strip("."):
return True
return False
else:
Expand Down
14 changes: 14 additions & 0 deletions safeurl/safeurl_tests.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -68,3 +68,17 @@
print("Error:", sys.exc_info())


# fqdn
try:
sc = safeurl.SafeURL()

opt = safeurl.Options()
opt.setList("blacklist", ["example.com"], "domain")
sc.setOptions(opt)

res = sc.execute("https://example.com.")

except:
print("Error:", sys.exc_info())