bridge.utils.safe_url

SSRF-safe URL fetching utilities.

Provides helpers that validate URLs against non-public IP addresses before fetching, mitigating Server-Side Request Forgery (SSRF) when loading remote resources from untrusted inputs (e.g. dataset entries, user-supplied image URLs).

Module Contents

Functions

is_safe_public_http_url

Check that url is a public http(s) URL safe to fetch.

safe_url_open

Open url via a urllib opener that re-validates redirect targets.

Data

ALLOW_PRIVATE_URL_FETCH_ENV

Name of the environment variable that bypasses the non-public address check.

API

bridge.utils.safe_url.ALLOW_PRIVATE_URL_FETCH_ENV

'MEGATRON_BRIDGE_ALLOW_PRIVATE_URL_FETCH'

bridge.utils.safe_url.is_safe_public_http_url(url: str) -> tuple[bool, str]

Check that url is a public http(s) URL safe to fetch.

Rejects URLs whose scheme is not http or https, URLs with no hostname, and any hostname that resolves to a loopback, private (RFC 1918), link-local, multicast, reserved, or unspecified address. Used to mitigate SSRF when fetching remote URLs built from untrusted inputs.

Set MEGATRON_BRIDGE_ALLOW_PRIVATE_URL_FETCH=1 to bypass the check (trusted networks only). Because this is an environment variable, the bypass applies to every call in the process, not to a single fetch.

Returns:

Tuple of (is_safe, reason). reason is a human-readable explanation of the rejection and is empty when the URL is safe.

bridge.utils.safe_url.safe_url_open(url: str)

Open url via a urllib opener that re-validates redirect targets.

Prevents SSRF via redirect: without this, a public URL that answers with a 3xx whose Location points at an internal address would bypass is_safe_public_http_url, because only the first URL would ever have been checked. Every redirect target is passed through the same validation before it is followed. safe_url_open does not validate the initial URL itself; the caller must already have checked it with is_safe_public_http_url.
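The following is an added example written for this page, not the Megatron-Bridge implementation of either function above. It shows the behaviour the two entries describe in runnable form: a validator that rejects non-http(s) schemes, missing hostnames and hostnames resolving to non-public addresses, and a urllib redirect handler that re-validates every Location header before following it. Everything beyond the documented names is an assumption made for illustration: the injectable resolver argument, dns_resolver, static_resolver (constructed DNS answers so the code runs offline), the allow_private keyword, SafeRedirectHandler, redirect_decision, and the choice to treat the environment variable as enabled only when its value is exactly "1". It also goes slightly beyond the text by unwrapping IPv4-mapped IPv6 literals (::ffff:a.b.c.d) before classifying them and by rejecting any address that ipaddress does not consider global, such as the 100.64.0.0/10 shared address space.

```python
"""SSRF-safe URL validation and redirect re-validation (illustrative, not project code)."""
import ipaddress
import os
import socket
from typing import Callable, Iterable, Optional
from urllib.error import URLError
from urllib.parse import urlsplit
from urllib.request import HTTPRedirectHandler, Request, build_opener

ALLOW_PRIVATE_URL_FETCH_ENV = "MEGATRON_BRIDGE_ALLOW_PRIVATE_URL_FETCH"
Resolver = Callable[[str], Iterable[str]]


def dns_resolver(hostname: str) -> list[str]:
    """Resolve via getaddrinfo; numeric literals resolve without a DNS round trip."""
    infos = socket.getaddrinfo(hostname, None, type=socket.SOCK_STREAM)
    return list(dict.fromkeys(info[4][0] for info in infos))


def static_resolver(table: dict[str, list[str]]) -> Resolver:
    """Resolver backed by a fixed table (constructed answers for offline demos and tests)."""
    def resolve(hostname: str) -> list[str]:
        if hostname in table:
            return table[hostname]
        ipaddress.ip_address(hostname)  # raises ValueError unless it is an IP literal
        return [hostname]
    return resolve


def _non_public_category(addr) -> str:
    """Name the category that makes addr unsafe to fetch, or '' if it is public."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.1 must be judged as 10.0.0.1
    for category in ("loopback", "link_local", "multicast", "unspecified", "private", "reserved"):
        if getattr(addr, "is_" + category):
            return category.replace("_", "-")
    return "" if addr.is_global else "non-global"  # e.g. 100.64.0.0/10 shared address space


def is_safe_public_http_url(url: str, *, resolver: Resolver = dns_resolver,
                            allow_private: Optional[bool] = None) -> tuple[bool, str]:
    """Return (is_safe, reason); reason is '' when the URL may be fetched."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} is not http(s)"
    host = parts.hostname
    if not host:
        return False, "missing hostname"
    if allow_private is None:  # assumption: the env var bypasses only the address check
        allow_private = os.environ.get(ALLOW_PRIVATE_URL_FETCH_ENV) == "1"
    if allow_private:
        return True, ""
    try:
        addresses = [ipaddress.ip_address(a) for a in resolver(host)]
    except (OSError, ValueError) as exc:  # socket.gaierror is an OSError
        return False, f"could not resolve {host!r}: {exc}"
    if not addresses:
        return False, f"{host!r} resolved to no addresses"
    # Reject if ANY answer is non-public: a dual-homed name must not slip through.
    for addr in addresses:
        category = _non_public_category(addr)
        if category:
            return False, f"{host!r} resolves to {addr} ({category} address)"
    return True, ""


class SafeRedirectHandler(HTTPRedirectHandler):
    """urllib redirect handler that validates every Location before following it."""

    def __init__(self, resolver: Resolver = dns_resolver) -> None:
        super().__init__()
        self._resolver = resolver

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        ok, reason = is_safe_public_http_url(newurl, resolver=self._resolver)
        if not ok:
            raise URLError(f"refusing redirect to {newurl!r}: {reason}")
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def safe_url_open(url: str, *, resolver: Resolver = dns_resolver, timeout: float = 30):
    """Open an already-validated URL; redirects are re-validated by SafeRedirectHandler."""
    opener = build_opener(SafeRedirectHandler(resolver))  # replaces urllib's default handler
    return opener.open(url, timeout=timeout)


def redirect_decision(src_url: str, location: str, *, resolver: Resolver = dns_resolver) -> tuple[bool, str]:
    """Drive SafeRedirectHandler as urllib would on a 302 from src_url to location."""
    try:
        new_req = SafeRedirectHandler(resolver).redirect_request(
            Request(src_url), None, 302, "Found", {}, location)
    except URLError as exc:
        return False, str(exc.reason)
    return True, new_req.full_url


if __name__ == "__main__":
    fake_dns = static_resolver({"cdn.example": ["8.8.8.8"], "internal.example": ["10.0.0.5"]})
    for candidate in ("http://cdn.example/img.png", "http://internal.example/",
                      "http://[::ffff:169.254.169.254]/latest/meta-data/"):
        print(candidate, is_safe_public_http_url(candidate, resolver=fake_dns))
    print(redirect_decision("http://cdn.example/a", "http://127.0.0.1:8080/", resolver=fake_dns))
```

Two design points worth keeping when adapting this. First, a name that resolves to several addresses is rejected if any one of them is non-public; accepting it because one answer is public is exactly the gap a dual-homed or attacker-controlled record exploits. Second, this approach, like any resolve-then-fetch check, classifies the hostname at validation time while the socket connect resolves it again, so a record whose answer changes between the two lookups (DNS rebinding) is not covered by the address check alone; if that is in your threat model, connect to the address that was validated rather than to the hostname.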