Unsanitized user input in HTTP request (SSRF)
- Rule ID: python_lang_http_url_using_user_input
- Languages: python
- Source: http_url_using_user_input.yml
Description
Your application is vulnerable to Server-Side Request Forgery (SSRF) when it connects to URLs built from user-supplied data. An attacker who controls any part of the URL (host, port, path or scheme) can make your server send requests on their behalf: to internal services that are not reachable from the internet (cloud metadata endpoints, admin interfaces, databases) or to arbitrary external hosts, with the server's network position and credentials.
Remediations
- Do not directly include user input in HTTP URLs. This practice can lead to SSRF vulnerabilities, where attackers exploit the application to send requests to unintended destinations.

```python
import urllib.request

host = request.GET["host"]
urllib.request.urlopen(f"https://{host}")  # unsafe: the host is attacker-controlled
```

- Do validate or map user input against a predefined list of safe values before using it to form URLs. This approach ensures that the application only connects to intended and safe locations. Map the user's choice to a fixed host rather than checking the user-supplied string itself, and prefer rejecting unknown values over falling back to a default.

```python
import urllib.request

host = "api1.com" if request.GET["host"] == "option1" else "api2.com"
urllib.request.urlopen(f"https://{host}")  # the user never supplies the host string
```
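The following is an added, framework-agnostic example (not part of the Bearer rule or its documentation) showing the allowlist mapping from the remediation above, plus a defence-in-depth check on the final URL. The option keys, host names (`api1.com`, `api2.com`) and the `DisallowedTarget` exception are assumptions for illustration; the attacker-style inputs in the comments are constructed.

```python
from urllib.parse import urlsplit
import urllib.request

# Assumption: the only two upstream hosts this code is ever allowed to contact.
# User input is a key into this dict, never a substring of the URL.
ALLOWED_HOSTS = {"option1": "api1.com", "option2": "api2.com"}


class DisallowedTarget(ValueError):
    """Raised when a request would leave the allowlisted set of hosts."""


def unsafe_build(host: str) -> str:
    """The vulnerable pattern: user text is interpolated straight into the URL.
    Constructed attacker input such as 'internal-admin.local' or
    '169.254.169.254/latest/meta-data/' simply becomes the request target."""
    return f"https://{host}"


def resolve_target(option: str) -> str:
    """Map an untrusted option key to a fixed https URL.
    Unknown keys are rejected instead of silently falling back to a default."""
    try:
        host = ALLOWED_HOSTS[option]
    except KeyError:
        raise DisallowedTarget(f"unknown option {option!r}") from None
    return f"https://{host}/"


def is_allowed_url(url: str) -> bool:
    """Defence in depth: re-parse the final URL and check scheme and host.
    This catches parser tricks that string checks miss, e.g.
    'https://api1.com@evil.com/' (hostname is evil.com) or
    'https://api1.com.evil.com/' (a different host that merely ends in api1.com)."""
    parts = urlsplit(url)
    return (
        parts.scheme == "https"
        and parts.username is None
        and parts.hostname in ALLOWED_HOSTS.values()
        and parts.port in (None, 443)
    )


def fetch(option: str, opener=urllib.request.urlopen):
    """Resolve the user's option, verify the resulting URL, then fetch it.
    `opener` is injectable so the logic can be exercised without network access."""
    url = resolve_target(option)
    if not is_allowed_url(url):
        raise DisallowedTarget(f"refusing to request {url!r}")
    return opener(url)


if __name__ == "__main__":
    # Constructed inputs: one valid key, one attacker-controlled string.
    print(resolve_target("option1"))
    print(unsafe_build("internal-admin.local"))
    print(fetch("option2", opener=lambda u: f"would GET {u}"))
```

The key design point is that `resolve_target` never lets user-supplied bytes reach the URL at all; `is_allowed_url` is a second, independent check that stays correct even if someone later rewrites the mapping to accept partial host names.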
References
Associated CWE
OWASP Top 10
Configuration
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=python_lang_http_url_using_user_input
To run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=python_lang_http_url_using_user_input