Skip to content

🛡️ Sentinel: [CRITICAL] Fix SSRF vulnerability in folder URL validation #95

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
google-labs-jules wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

🛡️ Sentinel: [CRITICAL] Fix SSRF vulnerability in folder URL validation #95

google-labs-jules wants to merge 1 commit into from

Conversation

@google-labs-jules
Copy link

@google-labs-jules google-labs-jules bot commented Jan 12, 2026

🛡️ Sentinel: [CRITICAL] Fix SSRF vulnerability in folder URL validation

🚨 Severity: CRITICAL
💡 Vulnerability: SSRF (Server-Side Request Forgery)
The `validate_folder_url` function previously allowed domains that resolve to private or link-local IP addresses, bypassing the IP blocklist. This could allow an attacker to cause the server to make requests to internal services or cloud metadata endpoints (e.g., 169.254.169.254).

🎯 Impact:
- Access to internal services not exposed to the internet.
- Potential exposure of cloud instance metadata (credentials, configuration).

🔧 Fix:
- Modified `validate_folder_url` in `main.py` to resolve domain names to IPs.
- Added checks for `is_private`, `is_loopback`, and `is_link_local` on the resolved IP.
- Ensures that if DNS resolution fails, the URL is treated as invalid.

✅ Verification:
- Verified that standard URLs (githubusercontent) still pass.
- Verified (via test case) that domains resolving to private IPs (e.g., 192.168.1.5) are rejected.
- Verified that domains resolving to link-local IPs (169.254.169.254) are rejected.

PR created automatically by Jules for task 8251628476994637157 started by @abhimehro

@google-labs-jules
feat: Fix SSRF vulnerability in folder URL validation
2f13551 
    The previous validation logic checked for private IPs only if the input was an IP literal.
    Domains resolving to private IPs or link-local addresses (e.g., cloud metadata services) were allowed.

    This commit adds:
    1.  DNS resolution for domain names using `socket.gethostbyname`.
    2.  Validation of the resolved IP against private, loopback, and link-local ranges.
    3.  Handling of DNS resolution failures (fail-closed).

    This prevents attackers from using internal domains or rebinding attacks to access internal services via the folder URL parameter.
@google-labs-jules
Copy link
Author

google-labs-jules bot commented Jan 12, 2026

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

For security, I will only act on instructions from the user who triggered this task.

@trunk-io
Copy link

trunk-io bot commented Jan 12, 2026

Merging to main in this repository is managed by Trunk.

  • To merge this pull request, check the box to the left or comment /trunk merge below.

github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 12, 2026
View reviewed changes
.jules/sentinel.md
**Prevention:**
1. Parse URLs and check hostnames against `localhost` and private IP ranges using `ipaddress` module.
2. Enforce strict length limits on user inputs (e.g., profile IDs) to prevent resource exhaustion or buffer abuse.
## 2024-03-25 - [SSRF Protection Gap]

Check notice

Code scanning / Remark-lint (reported by Codacy)

Warn when references to undefined definitions are found. Note

[no-undefined-references] Found reference to undefined definition
.jules/sentinel.md
**Prevention:**
1. Parse URLs and check hostnames against `localhost` and private IP ranges using `ipaddress` module.
2. Enforce strict length limits on user inputs (e.g., profile IDs) to prevent resource exhaustion or buffer abuse.
## 2024-03-25 - [SSRF Protection Gap]

Check notice

Code scanning / Remark-lint (reported by Codacy)

Warn when shortcut reference links are used. Note

[no-shortcut-reference-link] Use the trailing [] on reference links
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 12, 2026
View reviewed changes
main.py
# Not an IP literal, resolve it
try:
resolved_ip = socket.gethostbyname(hostname)
ip = ipaddress.ip_address(resolved_ip)

Check warning

Code scanning / Pylint (reported by Codacy)

Variable name "ip" doesn't conform to snake_case naming style Warning

Variable name "ip" doesn't conform to snake_case naming style
main.py
resolved_ip = socket.gethostbyname(hostname)
ip = ipaddress.ip_address(resolved_ip)
if ip.is_private or ip.is_loopback or ip.is_link_local:
log.warning(f"Skipping unsafe URL (resolved to private/local IP {resolved_ip}): {sanitize_for_log(url)}")

Check warning

Code scanning / Pylint (reported by Codacy)

Line too long (125/100) Warning

Line too long (125/100)
main.py
log.warning(f"Skipping unsafe URL (resolved to private/local IP {resolved_ip}): {sanitize_for_log(url)}")
return False
except socket.gaierror:
log.warning(f"Skipping invalid URL (DNS resolution failed): {sanitize_for_log(url)}")

Check warning

Code scanning / Pylint (reported by Codacy)

Line too long (101/100) Warning

Line too long (101/100)
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 12, 2026
View reviewed changes
main.py
if ip.is_private or ip.is_loopback:
log.warning(f"Skipping unsafe URL (private IP): {sanitize_for_log(url)}")
if ip.is_private or ip.is_loopback or ip.is_link_local:
log.warning(f"Skipping unsafe URL (private/local IP): {sanitize_for_log(url)}")

Check warning

Code scanning / Prospector (reported by Codacy)

Use lazy % formatting in logging functions (logging-fstring-interpolation) Warning

Use lazy % formatting in logging functions (logging-fstring-interpolation)
main.py
resolved_ip = socket.gethostbyname(hostname)
ip = ipaddress.ip_address(resolved_ip)
if ip.is_private or ip.is_loopback or ip.is_link_local:
log.warning(f"Skipping unsafe URL (resolved to private/local IP {resolved_ip}): {sanitize_for_log(url)}")

Check warning

Code scanning / Prospector (reported by Codacy)

Use lazy % formatting in logging functions (logging-fstring-interpolation) Warning

Use lazy % formatting in logging functions (logging-fstring-interpolation)
main.py
log.warning(f"Skipping unsafe URL (resolved to private/local IP {resolved_ip}): {sanitize_for_log(url)}")
return False
except socket.gaierror:
log.warning(f"Skipping invalid URL (DNS resolution failed): {sanitize_for_log(url)}")

Check warning

Code scanning / Prospector (reported by Codacy)

Use lazy % formatting in logging functions (logging-fstring-interpolation) Warning

Use lazy % formatting in logging functions (logging-fstring-interpolation)
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 12, 2026
View reviewed changes
main.py
# Not an IP literal, resolve it
try:
resolved_ip = socket.gethostbyname(hostname)
ip = ipaddress.ip_address(resolved_ip)

Check warning

Code scanning / Pylintpython3 (reported by Codacy)

Variable name "ip" doesn't conform to snake_case naming style Warning

Variable name "ip" doesn't conform to snake_case naming style
main.py
resolved_ip = socket.gethostbyname(hostname)
ip = ipaddress.ip_address(resolved_ip)
if ip.is_private or ip.is_loopback or ip.is_link_local:
log.warning(f"Skipping unsafe URL (resolved to private/local IP {resolved_ip}): {sanitize_for_log(url)}")

Check warning

Code scanning / Pylintpython3 (reported by Codacy)

Line too long (125/100) Warning

Line too long (125/100)
main.py
log.warning(f"Skipping unsafe URL (resolved to private/local IP {resolved_ip}): {sanitize_for_log(url)}")
return False
except socket.gaierror:
log.warning(f"Skipping invalid URL (DNS resolution failed): {sanitize_for_log(url)}")

Check warning

Code scanning / Pylintpython3 (reported by Codacy)

Line too long (101/100) Warning

Line too long (101/100)
main.py
if ip.is_private or ip.is_loopback:
log.warning(f"Skipping unsafe URL (private IP): {sanitize_for_log(url)}")
if ip.is_private or ip.is_loopback or ip.is_link_local:
log.warning(f"Skipping unsafe URL (private/local IP): {sanitize_for_log(url)}")

Check notice

Code scanning / Pylintpython3 (reported by Codacy)

Use lazy % formatting in logging functions Note

Use lazy % formatting in logging functions
main.py
resolved_ip = socket.gethostbyname(hostname)
ip = ipaddress.ip_address(resolved_ip)
if ip.is_private or ip.is_loopback or ip.is_link_local:
log.warning(f"Skipping unsafe URL (resolved to private/local IP {resolved_ip}): {sanitize_for_log(url)}")

Check notice

Code scanning / Pylintpython3 (reported by Codacy)

Use lazy % formatting in logging functions Note

Use lazy % formatting in logging functions
main.py
log.warning(f"Skipping unsafe URL (resolved to private/local IP {resolved_ip}): {sanitize_for_log(url)}")
return False
except socket.gaierror:
log.warning(f"Skipping invalid URL (DNS resolution failed): {sanitize_for_log(url)}")

Check notice

Code scanning / Pylintpython3 (reported by Codacy)

Use lazy % formatting in logging functions Note

Use lazy % formatting in logging functions
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

python

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant