
@denniszelada
This PR sandboxes calls to requests.get to be more resistant to Server-Side Request Forgery (SSRF) attacks.

Most of the time, when you make a GET request to a URL, you intend to reference an HTTP endpoint, like an internal microservice. However, URLs can point to local file system files, a Gopher stream in your local network, a JAR file on a remote Internet site, and all kinds of other unexpected and undesirable outcomes. When the URL values are influenced by attackers, they can trick your application into fetching internal resources, running malicious code, or otherwise harming the system.

In this case, an attacker could supply a value like "http://169.254.169.254/user-data/" and attempt to access user information.

The changes introduce sandboxing around URL creation that forces developers to specify some boundaries on the types of URLs they expect to create:

```diff
  from flask import Flask, request
- import requests
+ from security import safe_requests

  app = Flask(__name__)

  @app.route("/request-url")
  def request_url():
      url = request.args["loc"]
-     resp = requests.get(url)
+     resp = safe_requests.get(url)
      ...
```
This change reduces attack surface significantly because the default behavior of safe_requests.get is to raise a SecurityException if a user attempts to access a known infrastructure location, unless specifically disabled.

Dependency Updates
This PR relies on an external dependency. We have automatically added this dependency to your project's requirements.txt file.

This library holds security tools for protecting Python API calls.
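The "known infrastructure location" check the description refers to, written out as an added example that is not part of this PR or of the `security` library: a hypothetical `check_url` rejects non-HTTP schemes and any URL whose host is a literal address, or resolves to an address, inside loopback, RFC 1918, link-local (where the 169.254.169.254 metadata endpoint lives) or CGNAT space, with IPv4-mapped IPv6 literals unwrapped first. `safe_get` fetches only after that check passes and refuses redirects, because a redirect is the easiest way to reach an internal address after the original URL was vetted. The function names, the `FAKE_DNS` table and the `.example.test` hostnames are constructed for the demo so it runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlparse
from urllib.request import HTTPRedirectHandler, build_opener


class SecurityException(Exception):
    """Raised when a URL would reach a blocked scheme or address."""


ALLOWED_SCHEMES = {"http", "https"}

# "This host", RFC 1918, CGNAT, loopback, link-local (cloud metadata is
# 169.254.169.254) and the IPv6 loopback / ULA / link-local counterparts.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]


def is_blocked(ip):
    """True if ip (IPv4Address or IPv6Address) falls in a blocked range."""
    # Unwrap IPv4-mapped IPv6 (::ffff:169.254.169.254) so the v4 ranges apply.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)


def resolve(host):
    """Default resolver: every address host resolves to (performs a DNS query)."""
    return {ipaddress.ip_address(info[4][0]) for info in socket.getaddrinfo(host, None)}


def check_url(url, resolver=resolve):
    """Return url if its scheme and every address behind its host are allowed."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise SecurityException(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname  # lower-cased, brackets stripped from IPv6 literals
    if not host:
        raise SecurityException("URL has no host")
    try:
        addresses = {ipaddress.ip_address(host)}  # literal IP in the URL
    except ValueError:
        # Not a dotted/colon literal, so resolve it. This also covers forms such as
        # http://2130706433/ that ipaddress rejects but the system resolver
        # typically turns into 127.0.0.1.
        addresses = resolver(host)
    if not addresses:
        raise SecurityException(f"host does not resolve: {host!r}")
    for ip in addresses:  # every record must be clean, not just the first one
        if is_blocked(ip):
            raise SecurityException(f"{host!r} resolves to blocked address {ip}")
    return url


def is_url_allowed(url, resolver=resolve):
    """Boolean wrapper around check_url for callers that do not want exceptions."""
    try:
        check_url(url, resolver)
        return True
    except SecurityException:
        return False


class _NoRedirect(HTTPRedirectHandler):
    """Refuse redirects: a 302 to http://169.254.169.254/ would bypass check_url."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        raise SecurityException(f"redirect to {newurl!r} refused")


def safe_get(url, resolver=resolve, timeout=5):
    """Fetch url only after check_url passes (stdlib urllib, no extra dependency)."""
    opener = build_opener(_NoRedirect)
    with opener.open(check_url(url, resolver), timeout=timeout) as resp:
        return resp.read()


# Constructed DNS table so the demo runs offline; the names are made up.
FAKE_DNS = {
    "localhost": ["127.0.0.1"],
    "2130706433": ["127.0.0.1"],  # what a system resolver does with a decimal IP
    "api.example.test": ["203.0.113.10"],
    "evil.example.test": ["203.0.113.20", "10.0.0.5"],  # one public, one internal record
}


def fake_resolver(host):
    return {ipaddress.ip_address(a) for a in FAKE_DNS.get(host, ())}


if __name__ == "__main__":
    for u in ("http://169.254.169.254/user-data/", "http://[::ffff:169.254.169.254]/",
              "file:///etc/passwd", "http://localhost/", "http://2130706433/",
              "http://evil.example.test/", "https://api.example.test/v1"):
        print(f"{u:45} allowed={is_url_allowed(u, fake_resolver)}")
```

Two caveats a check like this cannot cover on its own: the resolve-then-connect sequence is a time-of-check/time-of-use window, so a host under attacker control can answer the check with a public address and the later connection with 10.0.0.5 (DNS rebinding); closing that gap means pinning the vetted address for the actual socket, which neither this example nor a plain `requests.get` does. And the block list is a deny list, so an allow list of the handful of hosts the service is meant to call is the stronger control wherever the set of targets is known.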

@CLAassistant

CLAassistant commented Apr 4, 2025

CLA assistant check
All committers have signed the CLA.

@sonarqubecloud

sonarqubecloud bot commented Apr 4, 2025
