SafeURL for Python
@nicolasrod and docs by @momoprantoPorted by
SafeURL is a library that aids developers in protecting against a class of vulnerabilities known as Server Side Request Forgery. It does this by validating each part of the URL against a configurable white or black list before making an HTTP request. SafeURL is open-source and licensed under MIT.
Clone this repository and import it into your project.
SafeURL serves as a replacement wrapper for PyCurl in Python.
try: #User controlled input url = request.args['url'] su = safeurl.SafeURL() #Execute using SafeURL res = su.execute(url) except: print "Unexpected error:", sys.exc_info() #URL wasn't safe
Options such as white and black lists can be modified. For example:
try: su = safeurl.SafeURL() #Create an options object opt = safeurl.Options() opt.clearList("whitelist") opt.clearList("blacklist") #Allow requests to specific domains opt.setList("whitelist", ["google.com", "youtube.com"], "domain") #Restrict urls with the ftp scheme opt.setList("blacklist",["ftp"],"scheme") su.setOptions(opt) res = su.execute("http://www.youtube.com") except: print "Unexpected error:", sys.exc_info()