
Python Ssrf Unvalidated Url

Description

Detects potential Server-Side Request Forgery (SSRF) vulnerabilities in Python HTTP requests where URLs are not properly validated. SSRF occurs when an attacker can manipulate URL parameters to make server-side requests to arbitrary destinations, potentially accessing internal resources or services.

Weakness: 100 - Server-side request forgery (SSRF)

Category: Deceptive Interactions

Detection Strategy

    Identifies HTTP request function calls such as requests.get(), requests.post(), urllib.request.urlopen(), etc.

    Examines the arguments passed to these HTTP request functions.

    Reports a vulnerability when the URL argument of the request can be controlled through user input or variables without proper validation.

    Checks both direct function calls and HTTP request methods imported under aliases.

Vulnerable code example

from flask import Flask, request
import requests

app = Flask(__name__)

@app.route("/fetch")
def vulnerable_fetcher():
    url = request.args.get('url')...

Secure code example

from flask import Flask, request
from urllib.parse import urlparse
import requests

app = Flask(__name__)

# Whitelist of allowed domains and schemes
ALLOWED_DOMAINS = {'api.example.com', 'internal.trusted-domain.com'}...
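The two patterns above, the unvalidated request the rule flags and its allowlisted counterpart, as an added runnable example that is not part of this rule page. It drops the Flask scaffolding and takes a `send` callable in place of `requests.get` so it runs offline; the host set, the default-port restriction and the function names are assumptions for the example.

```python
from urllib.parse import urlparse

# Hosts this service may contact; constructed for this example.
ALLOWED_HOSTS = {"api.example.com", "internal.trusted-domain.com"}
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {None, 80, 443}   # assumption: only default ports are needed


def is_allowed_url(url, allowed_hosts=ALLOWED_HOSTS):
    """True only for an absolute http(s) URL whose host is on the allowlist.

    The decision is made on parsed components, never on a substring match,
    so lookalike hosts and userinfo tricks are rejected."""
    if not isinstance(url, str) or not url:
        return False
    try:
        parts = urlparse(url)            # raises on a malformed IPv6 literal
        port = parts.port                # raises on a non-numeric port
    except ValueError:
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    host = parts.hostname                # lowercased, userinfo and port removed
    if not host or host not in allowed_hosts:
        return False
    return port in ALLOWED_PORTS


def unvalidated_fetch(url, send):
    """The pattern the rule flags: the caller-supplied URL reaches the client untouched."""
    return send(url)


def validated_fetch(url, send):
    """Hardened counterpart: refuse the request unless the URL passes the allowlist."""
    if not is_allowed_url(url):
        raise ValueError("URL not permitted: %r" % (url,))
    return send(url)


if __name__ == "__main__":
    # Stand-in for requests.get so the example runs offline; it only records the destination.
    def fake_send(u):
        return "would request " + u
    for candidate in ("https://api.example.com/v1/users",
                      "http://api.example.com@attacker.test/",
                      "http://10.0.0.5/",
                      "ftp://api.example.com/"):
        try:
            print(validated_fetch(candidate, fake_send))
        except ValueError as exc:
            print("rejected:", exc)
```

The allowlist check covers only the first hop, so a real client should also disable or re-validate redirects (for example `allow_redirects=False` in requests).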