Python Ssrf Session Unvalidated Url

Description

Detects Server-Side Request Forgery (SSRF) vulnerabilities in Python code where unvalidated URLs from user input are passed to HTTP session/request libraries. This could allow attackers to make unauthorized requests to internal or external systems using the application's privileges.

Weakness:

100 - Server-side request forgery (SSRF)

Category: Deceptive Interactions

Detection Strategy

    Identify usage of Python HTTP session libraries (requests, urllib, etc.)

    Look for session/request method calls that accept URLs as parameters

    Check if the URL parameter originates from user-controlled input sources

    Report a vulnerability if user input flows into URL parameters without proper validation
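The four steps above can be turned into a small static scanner. The following is an added example and not the detector behind this rule: it parses Python source with the standard `ast` module, treats Flask `request.*` reads as user input, tracks that taint through simple assignments inside each function, and reports `requests`/`Session` HTTP calls (and `urlopen`) whose URL argument is tainted. The `SANITIZERS` names are assumed placeholders for whatever validation helper a project uses; the two sample programs are constructed for the demonstration.

```python
import ast
from dataclasses import dataclass

# Session/module-level HTTP methods that take a URL argument (requests API)
HTTP_METHODS = {"get", "post", "put", "delete", "patch", "head", "options", "request"}
# flask `request` attributes treated as user-controlled input
TAINT_SOURCES = {"args", "form", "values", "json", "data", "headers", "cookies"}
# Hypothetical sanitizer names: a call through one of these clears the taint
SANITIZERS = {"validate_url", "is_allowed_url"}


@dataclass
class Finding:
    function: str
    line: int
    call: str


def _is_tainted(expr, tainted_names):
    """True if expr reads user input (directly or via a tainted variable)
    and is not wrapped in a known sanitizer call."""
    if isinstance(expr, ast.Call) and isinstance(expr.func, ast.Name) and expr.func.id in SANITIZERS:
        return False
    for node in ast.walk(expr):
        if isinstance(node, ast.Name) and node.id in tainted_names:
            return True
        if (isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name)
                and node.value.id == "request" and node.attr in TAINT_SOURCES):
            return True
    return False


def _url_argument(call):
    """Return the AST node holding the URL of an HTTP call, or None."""
    for kw in call.keywords:
        if kw.arg == "url":
            return kw.value
    # session.request("GET", url) takes the method first; the others take the URL first
    index = 1 if call.func.attr == "request" else 0
    return call.args[index] if len(call.args) > index else None


def find_ssrf(source):
    """Scan Python source and report HTTP calls whose URL flows from user input."""
    tree = ast.parse(source)
    findings = []
    for func in ast.walk(tree):
        if not isinstance(func, ast.FunctionDef):
            continue
        tainted = set()               # variables holding user-controlled data
        http_objects = {"requests"}   # the requests module plus Session() instances
        # Pass 1 (flow-insensitive): collect tainted variables and HTTP client objects,
        # repeating until nothing changes so that `u2 = u1` chains are covered.
        changed = True
        while changed:
            changed = False
            for node in ast.walk(func):
                if not isinstance(node, ast.Assign):
                    continue
                names = {t.id for t in node.targets if isinstance(t, ast.Name)}
                value = node.value
                if (isinstance(value, ast.Call) and isinstance(value.func, ast.Attribute)
                        and isinstance(value.func.value, ast.Name)
                        and value.func.value.id == "requests"
                        and value.func.attr.lower() == "session"):
                    if not names <= http_objects:
                        http_objects |= names
                        changed = True
                elif _is_tainted(value, tainted) and not names <= tainted:
                    tainted |= names
                    changed = True
        # Pass 2: every HTTP call whose URL argument is tainted is a finding
        for node in ast.walk(func):
            if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
                continue
            recv = node.func.value
            is_http = node.func.attr == "urlopen" or (
                isinstance(recv, ast.Name) and recv.id in http_objects
                and node.func.attr in HTTP_METHODS)
            if not is_http:
                continue
            url = _url_argument(node)
            if url is not None and _is_tainted(url, tainted):
                findings.append(Finding(func.name, node.lineno, ast.unparse(node.func)))
    return findings


# Constructed samples (not from any real project) used to exercise the scanner.
VULNERABLE_SAMPLE = '''
from flask import Flask, request
import requests

app = Flask(__name__)

@app.route("/fetch")
def fetch():
    session = requests.Session()
    url = request.args.get("url")
    resp = session.get(url)
    return resp.text

@app.route("/notify")
def notify():
    host = request.form["host"]
    return requests.post(f"http://{host}/hook", json={"ok": True}).text
'''

SAFE_SAMPLE = '''
from flask import Flask, request
import requests

app = Flask(__name__)

@app.route("/fetch")
def fetch():
    url = validate_url(request.args.get("url"))  # sanitizer clears the taint
    return requests.get(url, timeout=5).text

@app.route("/status")
def status():
    return requests.get("https://api.example.com/status").text
'''

if __name__ == "__main__":
    for f in find_ssrf(VULNERABLE_SAMPLE):
        print(f"{f.function}:{f.line}: user input reaches {f.call}()")
```

The scanner is intraprocedural and flow-insensitive, so it over-approximates (a variable tainted anywhere in a function stays tainted) and knows nothing about validation done inline with `if` checks; a production rule would model sanitizers and branch conditions more carefully, but the structure of the four steps is the same.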

Vulnerable code example

from flask import Flask, request
import requests

app = Flask(__name__)

@app.route("/vulnerable")
def vulnerable_endpoint():
    session = requests.Session()
    # Assumed continuation: the page's snippet is truncated after the line above.
    # The URL comes straight from the query string and is never checked, so the
    # server fetches whatever target the caller names with its own network position.
    url = request.args.get("url")
    resp = session.get(url)
    return resp.text

✅ Secure code example

from flask import Flask, request
import requests
from urllib.parse import urlparse

app = Flask(__name__)
ALLOWED_HOSTS = {"api.example.com"}  # assumed allowlist; the page's snippet is truncated here

@app.route("/vulnerable")
def vulnerable_endpoint():
    parts = urlparse(request.args.get("url", ""))
    # Accept only https to an allowlisted host with no userinfo; otherwise refuse
    if parts.scheme != "https" or parts.username or parts.hostname not in ALLOWED_HOSTS:
        return "invalid url", 400
    resp = requests.Session().get(parts.geturl(), allow_redirects=False, timeout=5)
    return resp.text
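The secure example above validates inline. As an added example (not the page's code), the validator below factors that check into a reusable function and covers the edge cases a reviewer would ask about: scheme allowlist, a `user@host` prefix that makes the visible host differ from the parsed one, IP literals (including bracketed IPv6) that sidestep a name allowlist, unexpected ports, and unparseable ports. `ALLOWED_HOSTS` and `ALLOWED_SCHEMES` are assumed configuration values; it has no dependency on `requests` so it runs offline.

```python
import ipaddress
from urllib.parse import urlparse

# Assumed configuration: the only destinations this service may fetch server-side
ALLOWED_HOSTS = {"api.example.com", "files.example.com"}
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {None, 443}   # None means the default port for the scheme


class UnsafeURL(Exception):
    """Raised when a caller-supplied URL fails the server-side fetch policy."""


def validate_url(raw):
    """Return `raw` unchanged if it is safe to fetch server-side, else raise UnsafeURL."""
    if not isinstance(raw, str) or not raw:
        raise UnsafeURL("missing url")
    parts = urlparse(raw)
    # urlparse lower-cases the scheme, so a mixed-case "HTTPS" is accepted here
    if parts.scheme not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    # "https://api.example.com@evil.example/" parses with hostname evil.example and
    # username api.example.com; refuse any userinfo instead of reasoning about it
    if parts.username is not None or parts.password is not None:
        raise UnsafeURL("userinfo not allowed")
    host = parts.hostname   # lower-cased, IPv6 brackets stripped
    if host is None:
        raise UnsafeURL("no host")
    # An IP literal bypasses the name allowlist entirely, so reject it before
    # the allowlist check rather than enumerating private/loopback ranges
    try:
        ipaddress.ip_address(host)
        is_ip_literal = True
    except ValueError:
        is_ip_literal = False
    if is_ip_literal:
        raise UnsafeURL(f"ip literal not allowed: {host!r}")
    if host not in ALLOWED_HOSTS:
        raise UnsafeURL(f"host not allowed: {host!r}")
    try:
        port = parts.port   # raises ValueError for a non-numeric port
    except ValueError:
        raise UnsafeURL("port is not a valid integer")
    if port not in ALLOWED_PORTS:
        raise UnsafeURL(f"port not allowed: {port}")
    return raw


def is_safe_url(raw):
    """Boolean wrapper around validate_url for callers that do not want exceptions."""
    try:
        validate_url(raw)
        return True
    except UnsafeURL:
        return False


if __name__ == "__main__":
    for candidate in ("https://api.example.com/v1/items",
                      "https://api.example.com@evil.example/",
                      "https://[::1]/admin"):
        print(candidate, "->", "allowed" if is_safe_url(candidate) else "rejected")
```

Validation on the URL string alone is necessary but not sufficient: it cannot see where an allowlisted name resolves, and it says nothing about where a 3xx response would send the client. Pair it with `allow_redirects=False` and a timeout on the actual fetch, as the secure example does, and keep the allowlist short.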