Scala implementation of SafeURL
Scala
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
examples
src/com/includesecurity/safeurl
LICENSE
README.md

README.md

SafeURL for Scala

Originally Ported by @saelo

Overview

SafeURL is a library that aids developers in protecting against a class of vulnerabilities known as Server Side Request Forgery. It does this by validating each part of the URL against a configurable white or black list before making an HTTP request. S afeURL is open-source and licensed under MIT.

Installation

Clone this repository and import it into your project.

Implementation

SafeURL replaces the Java methods in the URLConnection class that are normally used to make HTTP requests in Scala.

  try {
    //User controlled input
    val url = url_
    //Execute using SafeURL
    val resp = SafeURL.fetch(url)
    val r = Await.result(resp, 500 millis)
  } catch {
    //URL wasnt safe
  }

Configuration

Options such as white and black lists can be modified. For example:

//Deny requests to specific IPs
SafeURL.defaultConfiguration.lists.ip.blacklist ::= "12.34.0.0/16"
//Deny requests to specific domains
SafeURL.defaultConfiguration.lists.domain.blacklist ::= "example.com"