Merge pull request #8 from GhostTypes/sentinel-fix-ssrf-2155436756076202811

GhostTypes · web-flow · commit db8d5b1468f1 · 2026-01-19T09:51:45.000-05:00
🛡️ Sentinel: [CRITICAL] Fix SSRF in proxy endpoint
diff --git a/.jules/sentinel.md b/.jules/sentinel.md
@@ -0,0 +1,4 @@
+## 2024-05-22 - SSRF in Proxy Endpoint
+**Vulnerability:** The `/api/proxy/<path:url>` endpoint accepted and requested any URL provided by the user, including `localhost` and private IP ranges. This allowed potential access to internal network services or the proxy server itself.
+**Learning:** Proxy applications are inherently vulnerable to SSRF. Relying on "it's just a local tool" is insufficient as it might be deployed in containers or environments with access to other services.
+**Prevention:** Implemented strict URL validation (`is_safe_url`) that resolves the hostname and checks if the IP belongs to private/loopback blocks before making the request. Also added timeouts and generic error messages to prevent DoS and info leakage.
diff --git a/server.py b/server.py
@@ -1,7 +1,9 @@
 import cloudscraper
 import time
+import socket
+import ipaddress
 
-from urllib.parse import unquote
+from urllib.parse import unquote, urlparse
 from flask import Flask, request, Response
 
 scraper = cloudscraper.create_scraper(
@@ -41,13 +43,44 @@ def set_origin_and_ref(headers, origin, ref):
 
 def generate_origin_and_ref(url, headers):
     data = url.split('/')
-    first = data[0]
-    base = data[2]
-    c_url = f"{first}//{base}/"
-    headers = set_origin_and_ref(headers, c_url, c_url)
+    if len(data) > 2:
+        first = data[0]
+        base = data[2]
+        c_url = f"{first}//{base}/"
+        headers = set_origin_and_ref(headers, c_url, c_url)
     return headers
 
 
+def is_safe_url(url):
+    """
+    Validates URL to prevent SSRF attacks by blocking local/private IP ranges.
+    """
+    try:
+        parsed = urlparse(url)
+        if parsed.scheme not in ('http', 'https'):
+            return False, "Only HTTP/HTTPS protocols are allowed"
+
+        hostname = parsed.hostname
+        if not hostname:
+            return False, "Invalid hostname"
+
+        try:
+            # Resolve hostname to IP to check against blocklist
+            ip_str = socket.gethostbyname(hostname)
+            ip = ipaddress.ip_address(ip_str)
+        except (socket.gaierror, ValueError):
+            # If we can't resolve it, it might be safer to block or allow if it's external.
+            # For security, fail closed if resolution fails.
+            return False, "Could not resolve hostname or invalid IP"
+
+        if ip.is_loopback or ip.is_private or ip.is_reserved or ip.is_multicast or ip.is_unspecified:
+            return False, "Access to private/local network is forbidden"
+
+        return True, None
+    except Exception:
+        return False, "Invalid URL format"
+
+
 app = Flask(__name__)
 
 HOP_BY_HOP_HEADERS = {
@@ -133,11 +166,18 @@ def get_proxy_request_headers(req, url):
 def handle_proxy(url):
     if request.method == 'GET':
         full_url = get_proxy_request_url(request, url)  # parse request url
+
+        # Sentinel: SSRF Protection
+        is_safe, error_msg = is_safe_url(full_url)
+        if not is_safe:
+            return {'error': error_msg}, 400
+
         headers = get_proxy_request_headers(request, url)  # generate headers for the request
 
         try:
             start = time.time()
-            response = scraper.get(full_url, headers=headers)
+            # Sentinel: Added timeout to prevent hanging
+            response = scraper.get(full_url, headers=headers, timeout=30)
             end = time.time()
             elapsed = end - start
             print(f"Proxied request for {full_url.split('?')[0]} in {elapsed:.6f} seconds")
@@ -147,7 +187,8 @@ def handle_proxy(url):
 
         except Exception as e:
             print(f"Proxy Request Error: {str(e)}")
-            return {'error': str(e)}, 500
+            # Sentinel: Don't leak stack traces or internal details
+            return {'error': "Proxy request failed. Check server logs for details."}, 500
 
 
 if __name__ == "__main__":
diff --git a/tests/test_ssrf.py b/tests/test_ssrf.py
@@ -0,0 +1,78 @@
+import subprocess
+import time
+import requests
+import sys
+import os
+
+SERVER_PORT = 5000
+BASE_URL = f"http://localhost:{SERVER_PORT}"
+
+def wait_for_server():
+    retries = 30
+    while retries > 0:
+        try:
+            # The root path 404s, but connection refused means it's not up
+            requests.get(BASE_URL)
+            return True
+        except requests.exceptions.ConnectionError:
+            time.sleep(0.5)
+            retries -= 1
+    return False
+
+def test_ssrf():
+    print("Starting server...")
+    # Start server in background
+    # We use sys.executable to ensure we use the same python interpreter
+    process = subprocess.Popen([sys.executable, "server.py"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+
+    try:
+        if not wait_for_server():
+            print("Server failed to start")
+            sys.exit(1)
+
+        print("Server started. Running tests...")
+
+        # Test 1: Proxy to google.com (Valid)
+        # We might not have internet access in some sandboxes, but let's assume we do or handle it.
+        # If we don't have internet, this might fail with connection error, but the status code won't be 400 from our validation.
+        print("Testing valid external URL...")
+        try:
+            resp = requests.get(f"{BASE_URL}/api/proxy/http://example.com")
+            print(f"External URL Status: {resp.status_code}")
+            # It might be 200 or 500 depending on network, but we are looking for behavior.
+        except Exception as e:
+            print(f"External URL Request failed: {e}")
+
+        # Test 2: SSRF to localhost (Vulnerability)
+        # We try to proxy to the server itself.
+        # Since the server has no root route, accessing http://127.0.0.1:5000/ should return 404.
+        # If the proxy works, it will return that 404 (or 500 if recursive blowup).
+        # If blocked, it should return 400 (or whatever we decide).
+        print("Testing SSRF to localhost...")
+        target_url = f"http://127.0.0.1:{SERVER_PORT}/"
+        proxy_url = f"{BASE_URL}/api/proxy/{target_url}"
+
+        resp = requests.get(proxy_url)
+        print(f"SSRF Status: {resp.status_code}")
+
+        # In the vulnerable state, we expect the code to execute the request.
+        # Since 127.0.0.1:5000/ returns 404, the proxy will return 404.
+        if resp.status_code == 404:
+            print("VULNERABILITY CONFIRMED: Proxied request to localhost (received 404 from internal).")
+        elif resp.status_code == 200:
+             print("VULNERABILITY CONFIRMED: Proxied request to localhost (received 200).")
+        elif resp.status_code == 500:
+            # 500 could mean it tried and failed (e.g. max retries), which still means it tried.
+            print("VULNERABILITY CONFIRMED: Proxied request to localhost (received 500).")
+        elif resp.status_code == 400 or resp.status_code == 403:
+            print("SECURE: Request to localhost blocked.")
+        else:
+            print(f"Unexpected status: {resp.status_code}")
+
+    finally:
+        print("Stopping server...")
+        process.terminate()
+        process.wait()
+
+if __name__ == "__main__":
+    test_ssrf()
