This repository was archived by the owner on Aug 28, 2024. It is now read-only.

SafeURL for Scala

Note: The SafeURL libraries are no longer maintained and we recommend considering other SSRF mitigation approaches alongside application-layer SSRF protection libraries. See our 2023 blog post for more details.

Originally Ported by @saelo

Overview

SafeURL is a library that aids developers in protecting against a class of vulnerabilities known as Server Side Request Forgery. It does this by validating each part of the URL against a configurable white or black list before making an HTTP request. SafeURL is open-source and licensed under MIT.

Installation

Clone this repository and import it into your project.

Implementation

SafeURL replaces the Java methods in the URLConnection class that are normally used to make HTTP requests in Scala.

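  import scala.concurrent.Await
  import scala.concurrent.duration._

  try {
    // User-controlled input
    val url = url_
    // Execute the request through SafeURL
    val resp = SafeURL.fetch(url)
    // Block for at most 500 ms waiting for the response
    val r = Await.result(resp, 500.millis)
  } catch {
    // URL wasn't safe (a timeout from Await.result also lands here)
    case e: Exception => // reject the request
  }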

Configuration

Options such as white and black lists can be modified. For example:

//Deny requests to specific IPs
SafeURL.defaultConfiguration.lists.ip.blacklist ::= "12.34.0.0/16"
//Deny requests to specific domains
SafeURL.defaultConfiguration.lists.domain.blacklist ::= "example.com"
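
How list checks of this kind decide a URL, as an added Scala example that is not SafeURL's own code: the IP list is applied to the address the host resolves to, not only to the hostname. The names `UrlListCheck`, `Lists`, `check` and the `resolve` parameter are hypothetical, subdomain matching and the http/https-only scheme rule are assumptions, and the resolver map is constructed so the example runs offline.

```scala
import java.net.URI
import scala.util.Try

// Added illustration, not SafeURL's implementation; all names are hypothetical.
object UrlListCheck {
  final case class Lists(ipBlacklist: List[String], domainBlacklist: List[String])

  // Dotted-quad IPv4 to 32-bit Int; throws on malformed input.
  private def ipv4ToInt(ip: String): Int = {
    val octets = ip.split('.').map(_.toInt)
    require(octets.length == 4 && octets.forall(o => o >= 0 && o <= 255), s"bad IPv4: $ip")
    octets.foldLeft(0)((acc, o) => (acc << 8) | o)
  }

  // True when ip lies inside an IPv4 CIDR block such as "12.34.0.0/16".
  def inCidr(ip: String, cidr: String): Boolean = {
    val Array(net, bits) = cidr.split('/')
    val prefix = bits.toInt
    require(prefix >= 0 && prefix <= 32, s"bad prefix: $cidr")
    val mask = if (prefix == 0) 0 else -1 << (32 - prefix) // a shift by 32 is a no-op on the JVM
    (ipv4ToInt(ip) & mask) == (ipv4ToInt(net) & mask)
  }

  // Exact or subdomain match (assumed semantics), ignoring case and a trailing dot.
  def domainListed(host: String, list: List[String]): Boolean = {
    val h = host.toLowerCase.stripSuffix(".")
    list.map(_.toLowerCase).exists(d => h == d || h.endsWith("." + d))
  }

  // Left(reason) = rejected; Right(ip) = the resolved address that passed the lists.
  def check(url: String, lists: Lists, resolve: String => String): Either[String, String] =
    for {
      uri  <- Try(new URI(url)).toOption.toRight("unparseable URL")
      _    <- Either.cond(Option(uri.getScheme).exists(s => Set("http", "https")(s.toLowerCase)), (), "scheme not allowed")
      host <- Option(uri.getHost).toRight("no host")
      _    <- Either.cond(!domainListed(host, lists.domainBlacklist), (), s"domain blacklisted: $host")
      ip   <- Try(resolve(host.stripSuffix("."))).toOption.toRight(s"cannot resolve: $host")
      // Fail closed: an address that cannot be parsed is treated as listed.
      ok   =  Try(!lists.ipBlacklist.exists(inCidr(ip, _))).getOrElse(false)
      _    <- Either.cond(ok, (), s"IP rejected: $ip")
    } yield ip
}

object Demo extends App {
  val lists = UrlListCheck.Lists(List("12.34.0.0/16"), List("example.com"))
  // Constructed resolver standing in for DNS so the example runs offline.
  val dns = Map("files.test" -> "12.34.56.78", "cdn.test" -> "198.51.100.7")
  Seq("http://www.Example.com./x", "http://files.test/a", "https://cdn.test/b", "ftp://cdn.test/c")
    .foreach(u => println(s"$u -> ${UrlListCheck.check(u, lists, dns)}"))
}
```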