SS01 SSRF Risk Patterns
What this means
SiteShadow flagged SSRF *policy-level* risk patterns: the server makes outbound requests where the destination (host/IP/path/redirect chain) is influenced by untrusted input.
Why it matters
SSRF can expose internal services or cloud metadata.
- SSRF often becomes cloud credential theft via metadata endpoints.
- It can be used to scan internal networks and hit services not meant to be public.
- It can bypass assumptions like "that service isn't internet-facing."
Safer examples
1) Allowlist destinations (best default)
from urllib.parse import urlparse

# Exact-match allowlist of hostnames the server is permitted to call.
allowed_hosts = {"api.stripe.com", "webhook.partner.com"}

u = urlparse(user_url)  # user_url: the untrusted URL taken from the request
# Compare the parsed hostname, never a substring of the raw URL string.
if u.hostname not in allowed_hosts:
    raise ValueError("Destination not allowed")
2) Normalize + block private/metadata ranges
Block localhost, RFC1918, link-local, and cloud metadata ranges (and watch out for redirects and DNS rebinding).
3) Harden outbound request behavior
- Set short timeouts
- Limit redirects (or disable)
- Restrict ports/schemes (HTTPS only)
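Points 2 and 3 above are two halves of one outbound policy: resolve the destination, reject private, loopback, link-local and metadata ranges on every address the name maps to, and then make the request with a short timeout, a redirect cap, an HTTPS-only rule and a fresh check on every redirect hop. The following Python is an added illustration written for this page, not SiteShadow's code or a library API. The blocked ranges, the `send(url, ip, timeout)` transport interface, the `.example` hostnames, the fake DNS table and the canned responses are all assumptions constructed so it runs offline; a real deployment would supply a transport that connects to the validated IP and sets the Host header and SNI itself, which is the part that defeats DNS rebinding.

```python
import ipaddress
import socket
from typing import NamedTuple, Optional
from urllib.parse import urljoin, urlparse

# Ranges an outbound fetcher must never reach: loopback, RFC 1918, CGNAT, link-local
# (contains the 169.254.169.254 cloud metadata address), IPv6 equivalents. Example list; tune it.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
ALLOWED_SCHEMES = {"https"}  # https only
ALLOWED_PORTS = {443}
MAX_REDIRECTS = 3
TIMEOUT_SECONDS = 5

class UnsafeDestination(ValueError):
    """A URL (or a redirect target) failed destination policy."""

def default_resolver(host):
    """Resolve a hostname to every address it currently points at (real DNS)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_blocked_ip(ip_text):
    ip = ipaddress.ip_address(ip_text)
    # ::ffff:10.0.0.1 is 10.0.0.1 in disguise: check the embedded IPv4 address.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETWORKS)

def validate_destination(url, resolver=default_resolver):
    """Return (hostname, pinned_ip) when `url` passes policy, else raise."""
    u = urlparse(url)
    if u.scheme not in ALLOWED_SCHEMES:
        raise UnsafeDestination(f"scheme not allowed: {u.scheme!r}")
    if not u.hostname:
        raise UnsafeDestination("no host in URL")
    try:
        port = u.port or 443
    except ValueError as exc:
        raise UnsafeDestination("invalid port") from exc
    if port not in ALLOWED_PORTS:
        raise UnsafeDestination(f"port not allowed: {port}")
    try:  # an IP literal needs no lookup
        ips = {str(ipaddress.ip_address(u.hostname))}
    except ValueError:
        try:
            ips = set(resolver(u.hostname))
        except OSError as exc:
            raise UnsafeDestination(f"cannot resolve {u.hostname}") from exc
    # Every address the name maps to must be allowed, not just the first one.
    if not ips or any(is_blocked_ip(ip) for ip in ips):
        raise UnsafeDestination(f"{u.hostname} maps to a blocked or empty address set")
    return u.hostname, sorted(ips)[0]

def is_safe_destination(url, resolver=default_resolver):
    try:
        validate_destination(url, resolver)
        return True
    except UnsafeDestination:
        return False

class FetchResult(NamedTuple):
    ok: bool
    body: Optional[bytes]
    hops: list  # every URL the fetch touched, for logging
    error: Optional[str]

def fetch_with_checks(url, send, resolver=default_resolver):
    """Follow at most MAX_REDIRECTS hops, re-validating the destination of each.
    `send(url, ip, timeout)` is an assumed caller-supplied transport: one request,
    redirects disabled, connected to the already-validated `ip`; returns (status, location, body)."""
    hops = [url]
    try:
        for _ in range(MAX_REDIRECTS + 1):
            _host, ip = validate_destination(url, resolver)
            status, location, body = send(url, ip, TIMEOUT_SECONDS)
            if status not in (301, 302, 303, 307, 308) or not location:
                return FetchResult(True, body, hops, None)
            url = urljoin(url, location)  # a relative Location stays on the same host
            hops.append(url)
        return FetchResult(False, None, hops, "too many redirects")
    except UnsafeDestination as exc:
        return FetchResult(False, None, hops, str(exc))

# --- Constructed stand-ins so the example runs offline (not real hosts) ---
FAKE_DNS = {"api.partner.example": {"203.0.113.10"}, "internal.corp.example": {"10.0.0.5"},
            "rebind.example": {"203.0.113.20", "192.168.1.9"}}  # one public, one private
SAMPLE_RESPONSES = {
    "https://api.partner.example/hook": (200, None, b"ok"),
    "https://api.partner.example/moved": (302, "/hook", None),
    "https://api.partner.example/leak": (302, "https://internal.corp.example/x", None),
    "https://api.partner.example/loop": (302, "/loop", None)}

def sample_resolver(host):
    if host not in FAKE_DNS:
        raise socket.gaierror(f"unknown host {host}")
    return FAKE_DNS[host]

def sample_send(url, ip, timeout):
    return SAMPLE_RESPONSES.get(url, (404, None, b"not found"))
```

Running `fetch_with_checks("https://api.partner.example/leak", sample_send, sample_resolver)` shows the redirect case the text warns about: the first hop passes, the `Location` pointing at an RFC 1918 host is rejected before any connection is made, and `hops` records both URLs for the audit log. The `rebind.example` entry shows why every resolved address is checked rather than the first one.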
How SiteShadow detects it (high level)
- Looks for outbound HTTP clients where the destination is derived from user input.
- Flags missing allowlists and destination validation around URL parsing and redirect handling.
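The two detection bullets describe a pattern match over source code: find outbound HTTP client calls, decide whether the URL argument is fixed or computed, and check whether any destination validation sits nearby. The Python below is an added, simplified illustration of that kind of heuristic written for this page; it is not SiteShadow's detector. The client call list (`OUTBOUND_CALLS`), the guard-name convention (`GUARD_NAMES`) and the sample module it scans are assumptions; a production scanner would track data flow from request inputs to the call instead of the coarse "a guard name appears in the same function" test used here.

```python
import ast

# Call targets treated as outbound HTTP clients (assumed list for this example).
OUTBOUND_CALLS = {"requests.get", "requests.post", "requests.request",
                  "urllib.request.urlopen", "httpx.get", "httpx.post"}
# Names whose presence in the same function counts as destination validation
# (assumed convention; a real scanner would track data flow instead).
GUARD_NAMES = {"allowed_hosts", "ALLOWED_HOSTS", "validate_destination", "is_safe_destination"}

def dotted_name(node):
    """Turn the callee of an ast.Call (e.g. requests.get) back into 'requests.get'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def find_ssrf_patterns(source):
    """Report outbound client calls whose URL argument is not a fixed literal.
    Each finding records the enclosing function, the line, the client call and
    whether any GUARD_NAMES appear in that function (coarse stand-in for 'validated')."""
    tree = ast.parse(source)
    findings = []
    for func in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        names = {n.id for n in ast.walk(func) if isinstance(n, ast.Name)}
        guarded = bool(names & GUARD_NAMES)
        for call in ast.walk(func):
            if not isinstance(call, ast.Call) or not call.args:
                continue
            callee = dotted_name(call.func)
            if callee in OUTBOUND_CALLS and not isinstance(call.args[0], ast.Constant):
                findings.append({"function": func.name, "line": call.lineno,
                                 "call": callee, "guarded": guarded})
    return findings

# Constructed sample module: one unchecked fetch, one allowlisted, one fixed URL.
SAMPLE_SOURCE = '''
import requests
from urllib.parse import urlparse
ALLOWED_HOSTS = {"api.stripe.com"}

def fetch_unchecked(request):
    return requests.get(request.args["url"])

def fetch_checked(request):
    u = urlparse(request.args["url"])
    if u.hostname not in ALLOWED_HOSTS:
        raise ValueError("Destination not allowed")
    return requests.get(u.geturl(), timeout=5)

def fetch_fixed():
    return requests.get("https://api.stripe.com/v1/charges")
'''

if __name__ == "__main__":
    for f in find_ssrf_patterns(SAMPLE_SOURCE):
        level = "info (guarded)" if f["guarded"] else "HIGH (no destination check)"
        print(f'{f["function"]}:{f["line"]} {f["call"]} -> {level}')
```

On the sample module the scan reports `fetch_unchecked` as unguarded and `fetch_checked` as guarded, and stays silent on `fetch_fixed`, whose destination is a literal. The guard test is deliberately weak: it will also accept a function that mentions `ALLOWED_HOSTS` without actually comparing the parsed hostname to it, which is why the text calls these policy-level patterns rather than proofs of exploitability.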
References
- CWE-918: https://cwe.mitre.org/data/definitions/918.html
---