Source: DeepSec Rust-focused direct pass 20260507013924-5f4812745ba339b2.
Severity: CRITICAL
Confidence: medium
File: crates/bashkit/src/network/client.rs:402
Slug: ssrf
Finding
HttpClient performs a best-effort DNS/private-IP precheck, then calls a custom HttpHandler directly when one is configured. The reqwest PrivateIpFilteringResolver is only installed on the default reqwest client, so network-capable custom handlers do not get the connect-time protection that prevents DNS rebinding between validation and send.
The precheck also fails open on DNS lookup errors. A script can request an allowlisted attacker-controlled hostname that resolves to a public address during the precheck and to a private address when the handler connects (a classic time-of-check/time-of-use gap), causing SSRF if the handler proxies or performs real HTTP. A lookup failure during the precheck has the same effect: the request is passed through to the handler unvalidated.
Suggested Fix
Do not treat pre-resolution as the security boundary for network-capable handlers.
Options:
- provide handlers with a prevalidated resolved endpoint
- require/verify the same private-IP filtering in a handler adapter
- fail closed on DNS check failures
- document custom handlers as fully responsible for SSRF enforcement
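The example below is added here to illustrate the first three options; it is not bashkit's code and does not use reqwest. Everything in it is an assumption for demonstration: the Resolver and HttpHandler traits, the scripted RebindingResolver (a constructed DNS answer sequence, not a real lookup), the hostnames, the is_private predicate, and the simulated handlers that report which address they would have connected to instead of opening a socket. send_precheck_only reproduces the vulnerable shape (fail-open precheck, then a handler that resolves the name again); send_pinned resolves once, fails closed on lookup errors, rejects private answers, and hands the handler a ResolvedEndpoint with the IP pinned.

```rust
use std::cell::Cell;
use std::net::{IpAddr, Ipv4Addr};

/// DNS abstraction so the example runs offline with a scripted answer sequence.
pub trait Resolver {
    fn resolve(&self, host: &str) -> Result<Vec<IpAddr>, String>;
}

/// Constructed rebinding resolver (assumption, not a real DNS client): the first
/// lookup of `rebind.example` answers public, the first lookup of `flaky.example`
/// errors, and every later lookup of any name answers with the metadata address.
pub struct RebindingResolver { calls: Cell<u32> }

impl RebindingResolver {
    pub fn new() -> Self { Self { calls: Cell::new(0) } }
}

impl Resolver for RebindingResolver {
    fn resolve(&self, host: &str) -> Result<Vec<IpAddr>, String> {
        let n = self.calls.get();
        self.calls.set(n + 1);
        let public = IpAddr::V4(Ipv4Addr::new(203, 0, 113, 10));
        let metadata = IpAddr::V4(Ipv4Addr::new(169, 254, 169, 254));
        match (host, n) {
            ("rebind.example", 0) => Ok(vec![public]),
            ("flaky.example", 0) => Err("SERVFAIL".to_string()),
            _ => Ok(vec![metadata]),
        }
    }
}

/// Addresses a handler must never reach: v4 private/loopback/link-local/broadcast,
/// v6 loopback/ULA/link-local, and v4-mapped v6 so `::ffff:127.0.0.1` cannot bypass.
pub fn is_private(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => v4.is_private() || v4.is_loopback() || v4.is_link_local()
            || v4.is_unspecified() || v4.is_broadcast(),
        IpAddr::V6(v6) => match v6.to_ipv4_mapped() {
            Some(v4) => is_private(IpAddr::V4(v4)),
            None => {
                let first = v6.segments()[0];
                v6.is_loopback() || v6.is_unspecified()
                    || (first & 0xfe00) == 0xfc00 // fc00::/7 unique local
                    || (first & 0xffc0) == 0xfe80 // fe80::/10 link local
            }
        },
    }
}

/// Handler that does its own name resolution: the shape the finding warns about.
/// Returns the address it "connected" to; simulated, no socket is opened.
pub trait HttpHandler {
    fn handle(&self, resolver: &dyn Resolver, host: &str) -> Result<IpAddr, String>;
}

pub struct ReResolvingHandler;

impl HttpHandler for ReResolvingHandler {
    fn handle(&self, resolver: &dyn Resolver, host: &str) -> Result<IpAddr, String> {
        let ips = resolver.resolve(host)?;
        ips.first().copied().ok_or_else(|| "no address".to_string())
    }
}

/// Vulnerable flow: best-effort precheck that fails open on lookup errors, then
/// the handler resolves the name a second time (TOCTOU via DNS rebinding).
pub fn send_precheck_only(r: &dyn Resolver, h: &dyn HttpHandler, host: &str) -> Result<IpAddr, String> {
    if let Ok(ips) = r.resolve(host) {
        if ips.iter().any(|ip| is_private(*ip)) {
            return Err("blocked: private address".to_string());
        }
    }
    h.handle(r, host)
}

/// What a network-capable handler receives after validation: the IP is pinned.
#[derive(Debug, Clone)]
pub struct ResolvedEndpoint { pub host: String, pub ip: IpAddr, pub port: u16 }

/// Hardened flow: fail closed on lookup errors, reject private answers, and hand
/// the handler the validated address so it never consults DNS itself.
pub fn send_pinned(r: &dyn Resolver, host: &str, port: u16) -> Result<ResolvedEndpoint, String> {
    let ips = r.resolve(host).map_err(|e| format!("blocked: dns lookup failed ({e})"))?;
    if ips.is_empty() { return Err("blocked: no address".to_string()); }
    if let Some(bad) = ips.iter().find(|ip| is_private(**ip)) {
        return Err(format!("blocked: private address {bad}"));
    }
    Ok(ResolvedEndpoint { host: host.to_string(), ip: ips[0], port })
}

/// Pinned handler: a real one would `TcpStream::connect((ep.ip, ep.port))` and use
/// `ep.host` only for SNI and the Host header. Simulated here, nothing is opened.
pub struct PinnedHandler;

impl PinnedHandler {
    pub fn handle(&self, ep: &ResolvedEndpoint) -> Result<IpAddr, String> { Ok(ep.ip) }
}

fn main() {
    let r = RebindingResolver::new();
    println!("precheck-only: {:?}", send_precheck_only(&r, &ReResolvingHandler, "rebind.example"));
    let r = RebindingResolver::new();
    println!("pinned: {:?}", send_pinned(&r, "rebind.example", 443).map(|ep| PinnedHandler.handle(&ep)));
    let r = RebindingResolver::new();
    println!("flaky, pinned: {:?}", send_pinned(&r, "flaky.example", 443).map(|ep| ep.ip));
}
```

With the scripted resolver, send_precheck_only lets the re-resolving handler reach 169.254.169.254 for both rebind.example (public first, private second) and flaky.example (lookup error ignored), while send_pinned refuses the flaky name outright and pins rebind.example to 203.0.113.10 before the handler runs. Option four (documenting handlers as responsible for enforcement) needs no code, but note that a handler adapter can only verify filtering if it is given the resolved address, which is what ResolvedEndpoint provides.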