Página inicial Explorar Ajuda
Entrar
yunoadmin
/
bambuddy
mirror de https://github.com/maziggy/bambuddy
1
0
Fork 0
Arquivos Issues 0 Wiki
Tree: 4a98914d4a
Branches Tags
bambuddy
/
backend
/
app
/
api
/
routes
/
_url_safety.py

_url_safety.py 2.0 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051 
  1. """Shared URL-safety primitives used by both SSRF guards in this package.
    2. 

  2. 

  3. The two top-level assertion functions —
    4. 

  4. ``_spoolman_helpers.assert_safe_spoolman_url`` (Spoolman, deliberately allows
    5. 

  5. loopback/RFC-1918 because same-LAN deployment is the standard topology) and
    6. 

  6. ``_oidc_helpers.assert_safe_public_https_url`` (OIDC icons, must be reachable
    7. 

  7. on the public internet, so loopback/private are rejected) — share the
    8. 

  8. *data* (cloud-metadata IP set, numeric-encoded-IP regex) but not the
    9. 

  9. *policy*. Only the data lives here. The functions stay in their respective
    10. 

  10. modules with their distinct policies intact.
    11. 

  11. """
    12. 

  12. 

  13. from __future__ import annotations
    14. 

  14. 

  15. import ipaddress
    16. 

  16. import re
    17. 

  17. 

  18. # Cloud-provider metadata endpoints — the classic SSRF credential-exfil
    19. 

  19. # targets. Both guards reject these unconditionally.
    20. 

  20. CLOUD_METADATA_IPS = frozenset(
    21. 

  21.     {
    22. 

  22.         # AWS / GCP / Azure / Oracle / DigitalOcean IMDS
    23. 

  23.         ipaddress.ip_address("169.254.169.254"),
    24. 

  24.         # Alibaba Cloud metadata
    25. 

  25.         ipaddress.ip_address("100.100.100.200"),
    26. 

  26.         # AWS IMDS IPv6
    27. 

  27.         ipaddress.ip_address("fd00:ec2::254"),
    28. 

  28.     }
    29. 

  29. )
    30. 

  30. 

  31. 

  32. # libc and browsers parse numeric-encoded IP forms (decimal ``2130706433``
    33. 

  33. # for 127.0.0.1, hex ``0x7f000001``) but Python's ``ipaddress.ip_address``
    34. 

  34. # raises ValueError on these, so they slip past the IP-class checks if
    35. 

  35. # not caught first. Used by both guards to reject up-front.
    36. 

  36. NUMERIC_IP_RE = re.compile(r"^(0x[0-9a-f]+|[0-9]+)$", re.I)
    37. 

  37. 

  38. 

  39. def unwrap_ipv4_mapped(
    40. 

  40.     addr: ipaddress.IPv4Address | ipaddress.IPv6Address,
    41. 

  41. ) -> ipaddress.IPv4Address | ipaddress.IPv6Address:
    42. 

  42.     """Return the underlying IPv4 for an IPv4-mapped IPv6 address, else return *addr*.
    43. 

  43. 

  44.     ``::ffff:127.0.0.1`` and similar mapped forms must be unwrapped before
    45. 

  45.     the per-class checks (``is_private``, ``is_loopback``, …) — otherwise
    46. 

  46.     an attacker can encode a blocked IPv4 address as an IPv6 literal to
    47. 

  47.     bypass the guard.
    48. 

  48.     """
    49. 

  49.     if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
    50. 

  50.         return addr.ipv4_mapped
    51. 

  51.     return addr
    52.