Skip to content

SsrfGuard

Category: Web

Source: ssrf_guard.dart

Classes

SsrfBlockedException

Thrown when a URL targets a network location Glue refuses to fetch: loopback, private, link-local (including the cloud metadata endpoint), ULA, multicast, unspecified, or an unsupported scheme.

Constructor

dart
SsrfBlockedException(this.url, this.reason)

Properties

PropertyTypeDescription
urlString
reasonString

Methods

String toString()

SsrfGuard

Guards outbound fetches of caller/model-supplied URLs against SSRF.

The web_fetch / web_search / browser tools are auto-allowed (they run without a human approval prompt), so a prompt injection that steers the model to fetch http://169.254.169.254/… could read cloud IAM credentials and exfiltrate them. This guard resolves the target host up front and refuses any address that is not publicly routable, and re-validates on every redirect hop (metadata endpoints are frequently reached via a 30x bounce).

Constructor

dart
SsrfGuard({HostResolver? resolver, this.maxRedirects = 5})

Properties

PropertyTypeDescription
maxRedirectsint
bytesfinal
mappedPrefixfinal
b0final
b1final

Methods

Future<void> validate(Uri uri)

Validates [uri]'s scheme and host, resolving the host and rejecting if ANY resolved address is non-public. Throws [SsrfBlockedException] on rejection. Literal-IP hosts are checked directly (no DNS lookup).

Functions

bool isBlockedAddress(InternetAddress addr)

Whether [addr] is NOT a publicly routable address and must be refused: loopback, private, link-local (incl. 169.254.169.254), ULA, multicast, unspecified, CGNAT, or reserved. IPv4-mapped IPv6 addresses are unwrapped and checked as IPv4.

Released under the MIT License.