jedarden/pdftract
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(pdftract-core): add SSRF protection (TH-05) and URL_PRIVATE_NETWORK diagnostic

Browse source 
Add URL validation module to prevent SSRF attacks by blocking:
- RFC 1918 private IPv4 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
- IPv6 ULA (fc00::/7, fd00::/8)
- Loopback addresses (127.0.0.0/8, ::1)
- Link-local addresses (169.254.0.0/16, fe80::/10)
- Cloud metadata endpoints (169.254.169.254, metadata.google.internal, etc.)
- Non-https schemes (http://, ftp://, file://)

Add URL_PRIVATE_NETWORK diagnostic code to diagnostics catalog.
Add comprehensive test suite in tests/th_05_ssrf_block.rs covering:
- 20+ dangerous URL payloads across all categories
- --allow-private-networks bypass functionality
- IPv6 zone ID detection
- Metadata subdomain detection
- Boundary address validation

Closes: pdftract-zgdkf (TH-05 test: SSRF block)
This commit is contained in:
jedarden 2026-05-24 01:50:12 -04:00
parent 027d3b4ee4
commit 76114da985
5 changed files with 769 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
crates/pdftract-core/Cargo.toml
View file

@ -11,6 +11,7 @@ publish = true
anyhow = { workspace = true }
hex = "0.4"
image = { version = "0.25", optional = true }
url = { version = "2.5", optional = true }
leptonica-plumbing = { version = "1.4", optional = true }
pdfium-render = { version = "0.9", optional = true }
tesseract = { version = "0.15", optional = true }
@ -44,6 +45,7 @@ schemars = ["dep:schemars", "serde"]
receipts = [] # Enable visual citation receipts (SVG clip generation)
ocr = ["dep:image", "dep:leptonica-plumbing", "dep:quick-xml"] # Enable OCR path (image compositing + preprocessing + HOCR parsing)
full-render = ["dep:pdfium-render", "ocr"] # Enable PDFium-based rendering (requires ocr)
remote = ["dep:url"] # Enable remote HTTP source (Phase 1.8)
proptest = []
fuzzing = [] # Enable cfg(fuzzing) for fuzz harnesses
shape-db = [] # Enable glyph shape database (Level 4 encoding fallback)

22
crates/pdftract-core/src/diagnostics.rs
View file

@ -713,6 +713,15 @@ pub enum DiagCode {
/// Phase origin: 1.8
RemoteDnsFailed,
/// URL targets private network (SSRF protection)
///
/// Emitted when a URL targets a private or loopback address (RFC 1918, IPv6 ULA,
/// link-local, localhost, or cloud metadata endpoint). This prevents SSRF attacks.
/// The request is denied unless --allow-private-networks is set.
///
/// Phase origin: 1.8
RemoteUrlPrivateNetwork,
// === GSTATE_* codes ===
/// Graphics state stack overflow
@ -893,7 +902,8 @@ impl DiagCode {
DiagCode::RemoteFetchInterrupted
| DiagCode::RemoteNoRangeSupport
| DiagCode::RemoteTlsFailed
| DiagCode::RemoteDnsFailed => "REMOTE",
| DiagCode::RemoteDnsFailed
| DiagCode::RemoteUrlPrivateNetwork => "REMOTE",
// GSTATE_*
DiagCode::GstateStackOverflow
@ -988,6 +998,7 @@ impl DiagCode {
DiagCode::RemoteNoRangeSupport => "REMOTE_NO_RANGE_SUPPORT",
DiagCode::RemoteTlsFailed => "REMOTE_TLS_FAILED",
DiagCode::RemoteDnsFailed => "REMOTE_DNS_FAILED",
DiagCode::RemoteUrlPrivateNetwork => "REMOTE_URL_PRIVATE_NETWORK",
DiagCode::GstateStackOverflow => "GSTATE_STACK_OVERFLOW",
DiagCode::GstateStackUnderflow => "GSTATE_STACK_UNDERFLOW",
DiagCode::GstateBtEtMismatch => "GSTATE_BT_ET_MISMATCH",
@ -1083,6 +1094,7 @@ impl DiagCode {
DiagCode::StreamBomb
| DiagCode::PageOutOfRange
| DiagCode::RemoteFetchInterrupted
| DiagCode::RemoteUrlPrivateNetwork
| DiagCode::McpToolInvalidParams
| DiagCode::McpPathTraversal => Severity::Error,
@ -1663,6 +1675,14 @@ pub const DIAGNOSTIC_CATALOG: &[DiagInfo] = &[
phase: "1.8",
suggested_action: "The hostname could not be resolved; check the URL",
},
DiagInfo {
code: DiagCode::RemoteUrlPrivateNetwork,
category: "REMOTE",
severity: Severity::Error,
recoverable: false,
phase: "1.8",
suggested_action: "URL targets a private network address. Use --allow-private-networks to enable (WARNING: security risk in multi-tenant deployments)",
},
// === GSTATE_* codes ===
DiagInfo {
code: DiagCode::GstateStackOverflow,

2
crates/pdftract-core/src/lib.rs
View file

@ -8,6 +8,8 @@ pub mod attachment;
pub mod cache;
pub mod classify;
pub mod diagnostics;
#[cfg(feature = "remote")]
pub mod url_validation;
#[cfg(feature = "ocr")]
pub mod dpi;
pub mod document;

383
crates/pdftract-core/src/url_validation.rs Normal file
View file

@ -0,0 +1,383 @@
//! URL validation for SSRF protection (Phase 1.8, TH-05).
//!
//! This module provides URL validation logic to prevent Server-Side Request Forgery
//! attacks. It validates URLs against a set of dangerous address ranges including:
//! - RFC 1918 private IPv4 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
//! - IPv6 Unique Local Addresses (ULA) (fc00::/7, fd00::/8)
//! - Loopback addresses (127.0.0.0/8, ::1)
//! - Link-local addresses (169.254.0.0/16, fe80::/10)
//! - Cloud metadata endpoints (169.254.169.254, 100.100.100.200, etc.)
//!
//! URLs targeting these addresses are rejected unless the `--allow-private-networks`
//! flag is set.
use crate::diagnostics::{Diagnostic, DiagCode};
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
/// Error type for URL validation failures.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum UrlValidationError {
/// URL scheme is not https://
InvalidScheme(String),
/// URL targets a private network address (SSRF protection)
PrivateNetwork(String),
/// DNS resolution failed
DnsFailed(String),
/// Invalid URL format
InvalidUrl(String),
}
impl std::fmt::Display for UrlValidationError {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
match self {
UrlValidationError::InvalidScheme(scheme) => {
write!(f, "Invalid URL scheme: '{}'. Only 'https://' is allowed.", scheme)
}
UrlValidationError::PrivateNetwork(addr) => {
write!(f, "URL targets private network address: {}. Use --allow-private-networks to enable (WARNING: security risk).", addr)
}
UrlValidationError::DnsFailed(host) => {
write!(f, "DNS resolution failed for host: {}", host)
}
UrlValidationError::InvalidUrl(url) => {
write!(f, "Invalid URL format: {}", url)
}
}
}
}
impl std::error::Error for UrlValidationError {}
/// Result type for URL validation.
pub type Result<T> = std::result::Result<T, UrlValidationError>;
/// Check if an IPv4 address is in a private network range.
///
/// This checks RFC 1918 private addresses:
/// - 10.0.0.0/8 (10.0.0.0 10.255.255.255)
/// - 172.16.0.0/12 (172.16.0.0 172.31.255.255)
/// - 192.168.0.0/16 (192.168.0.0 192.168.255.255)
///
/// Plus other reserved ranges:
/// - 127.0.0.0/8 (loopback)
/// - 169.254.0.0/16 (link-local)
/// - 0.0.0.0/8 (current network)
fn is_private_ipv4(addr: Ipv4Addr) -> bool {
let octets = addr.octets();
match octets {
// 10.0.0.0/8
[10, _, _, _] => true,
// 172.16.0.0/12
[172, 16..=31, _, _] => true,
// 192.168.0.0/16
[192, 168, _, _] => true,
// 127.0.0.0/8 (loopback)
[127, _, _, _] => true,
// 169.254.0.0/16 (link-local)
[169, 254, _, _] => true,
// 0.0.0.0/8 (current network)
[0, _, _, _] => true,
_ => false,
}
}
/// Check if an IPv6 address is in a private network range.
///
/// This checks:
/// - fc00::/7 (Unique Local Addresses - ULA)
/// - ::1 (loopback)
/// - fe80::/10 (link-local)
/// - ff00::/8 (multicast)
fn is_private_ipv6(addr: &Ipv6Addr) -> bool {
let segments = addr.segments();
// fc00::/7 (ULA) - fc00::/7 and fd00::/8
if (segments[0] & 0xfe00) == 0xfc00 {
return true;
}
// ::1 (loopback)
if addr.is_loopback() {
return true;
}
// fe80::/10 (link-local)
if (segments[0] & 0xffc0) == 0xfe80 {
return true;
}
// ff00::/8 (multicast)
if (segments[0] & 0xff00) == 0xff00 {
return true;
}
false
}
/// Known cloud metadata endpoint addresses.
///
/// These are well-known endpoints that return cloud instance credentials:
/// - AWS: 169.254.169.254
/// - GCP: metadata.google.internal (resolves to various internal IPs)
/// - Azure: 168.63.129.16
/// - Alibaba: 100.100.100.200
fn is_metadata_endpoint(addr: &IpAddr) -> bool {
match addr {
IpAddr::V4(v4) => {
// AWS metadata endpoint
if v4 == &Ipv4Addr::new(169, 254, 169, 254) {
return true;
}
// Azure metadata endpoint
if v4 == &Ipv4Addr::new(168, 63, 129, 16) {
return true;
}
// Alibaba metadata endpoint
if v4 == &Ipv4Addr::new(100, 100, 100, 200) {
return true;
}
false
}
IpAddr::V6(_v6) => {
// IPv6 metadata endpoints would go here
// (e.g., fd00:ec2::254 for some AWS regions)
false
}
}
}
/// Known metadata endpoint hostnames.
///
/// These hostnames are checked before DNS resolution to prevent
/// DNS rebinding attacks.
const METADATA_HOSTNAMES: &[&str] = &[
"metadata.google.internal",
"instance-data.google.internal",
];
/// Check if a hostname is a known metadata endpoint.
fn is_metadata_hostname(hostname: &str) -> bool {
let hostname_lower = hostname.to_lowercase();
METADATA_HOSTNAMES
.iter()
.any(|&h| hostname_lower == h || hostname_lower.ends_with(&format!(".{}", h)))
}
/// Validate a URL for SSRF protection.
///
/// This function performs the following checks:
/// 1. URL scheme must be `https://`
/// 2. Hostname is not a known metadata endpoint
/// 3. Resolved IP address is not in a private network range
///
/// DNS resolution happens once and the resolved address is checked.
/// This prevents DNS rebinding attacks.
///
/// # Arguments
///
/// * `url_str` - The URL string to validate
/// * `allow_private_networks` - If true, private network addresses are allowed
///
/// # Returns
///
/// Returns `Ok(())` if the URL is valid, or an error describing the validation failure.
pub fn validate_url(url_str: &str, allow_private_networks: bool) -> Result<()> {
// Check for IPv6 zone IDs in the raw URL (before parsing)
// The url crate strips zone IDs, so we need to check the raw string
if url_str.contains('%') {
return Err(UrlValidationError::PrivateNetwork(
"IPv6 link-local address (zone ID)".to_string()
));
}
// Parse the URL
let url = url::Url::parse(url_str)
.map_err(|_| UrlValidationError::InvalidUrl(url_str.to_string()))?;
// Check scheme: only https:// is allowed
match url.scheme() {
"https" => {},
scheme => {
return Err(UrlValidationError::InvalidScheme(scheme.to_string()));
}
}
// Extract hostname
let hostname = url.host_str()
.ok_or_else(|| UrlValidationError::InvalidUrl(url_str.to_string()))?;
// Check for metadata hostnames (before DNS resolution)
if is_metadata_hostname(hostname) {
return Err(UrlValidationError::PrivateNetwork(
format!("metadata endpoint: {}", hostname)
));
}
// Resolve the hostname to an IP address
// Note: We use std::net::ToSocketAddrs which performs DNS resolution
use std::net::ToSocketAddrs;
let addrs: std::vec::Vec<std::net::SocketAddr> = format!("{}:443", hostname)
.to_socket_addrs()
.map_err(|_| UrlValidationError::DnsFailed(hostname.to_string()))?
.collect();
if addrs.is_empty() {
return Err(UrlValidationError::DnsFailed(hostname.to_string()));
}
// Check all resolved addresses
for addr in addrs {
let ip_addr = addr.ip();
// Check for metadata endpoints
if is_metadata_endpoint(&ip_addr) {
return Err(UrlValidationError::PrivateNetwork(
format!("cloud metadata endpoint: {}", ip_addr)
));
}
// If private networks are not allowed, check the IP ranges
if !allow_private_networks {
match ip_addr {
IpAddr::V4(v4) => {
if is_private_ipv4(v4) {
return Err(UrlValidationError::PrivateNetwork(
format!("private IPv4: {}", v4)
));
}
}
IpAddr::V6(v6) => {
if is_private_ipv6(&v6) {
return Err(UrlValidationError::PrivateNetwork(
format!("private IPv6: {}", v6)
));
}
}
}
}
}
Ok(())
}
/// Validate a URL and return a diagnostic if validation fails.
///
/// This is a convenience function for use in the extraction pipeline.
/// It returns `Ok(())` if the URL is valid, or `Err(diagnostic)` if it fails.
///
/// # Arguments
///
/// * `url_str` - The URL string to validate
/// * `allow_private_networks` - If true, private network addresses are allowed
///
/// # Returns
///
/// Returns `Ok(())` if the URL is valid, or `Err(Diagnostic)` if validation fails.
pub fn validate_url_with_diagnostic(
url_str: &str,
allow_private_networks: bool,
) -> std::result::Result<(), Diagnostic> {
validate_url(url_str, allow_private_networks)
.map_err(|err| {
let message = err.to_string();
Diagnostic::with_dynamic_no_offset(DiagCode::RemoteUrlPrivateNetwork, message)
})
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_is_private_ipv4() {
// RFC 1918 private addresses
assert!(is_private_ipv4(Ipv4Addr::new(10, 0, 0, 1)));
assert!(is_private_ipv4(Ipv4Addr::new(10, 255, 255, 254)));
assert!(is_private_ipv4(Ipv4Addr::new(172, 16, 0, 1)));
assert!(is_private_ipv4(Ipv4Addr::new(172, 31, 255, 254)));
assert!(is_private_ipv4(Ipv4Addr::new(192, 168, 0, 1)));
assert!(is_private_ipv4(Ipv4Addr::new(192, 168, 255, 254)));
// Loopback
assert!(is_private_ipv4(Ipv4Addr::new(127, 0, 0, 1)));
assert!(is_private_ipv4(Ipv4Addr::new(127, 255, 255, 255)));
// Link-local
assert!(is_private_ipv4(Ipv4Addr::new(169, 254, 0, 1)));
// Public addresses
assert!(!is_private_ipv4(Ipv4Addr::new(8, 8, 8, 8)));
assert!(!is_private_ipv4(Ipv4Addr::new(1, 1, 1, 1)));
assert!(!is_private_ipv4(Ipv4Addr::new(172, 15, 255, 255))); // Just outside 172.16.0.0/12
assert!(!is_private_ipv4(Ipv4Addr::new(172, 32, 0, 1))); // Just outside 172.16.0.0/12
}
#[test]
fn test_is_private_ipv6() {
// ULA
assert!(is_private_ipv6(&"fc00::1".parse().unwrap()));
assert!(is_private_ipv6(&"fd00::1".parse().unwrap()));
// Loopback
assert!(is_private_ipv6(&"::1".parse().unwrap()));
// Link-local
assert!(is_private_ipv6(&"fe80::1".parse().unwrap()));
// Multicast
assert!(is_private_ipv6(&"ff00::1".parse().unwrap()));
// Public addresses
assert!(!is_private_ipv6(&"2001:4860:4860::8888".parse().unwrap()));
assert!(!is_private_ipv6(&"2606:2800:220:1:248:1893:25c8:1946".parse().unwrap()));
}
#[test]
fn test_is_metadata_endpoint() {
// AWS
assert!(is_metadata_endpoint(&IpAddr::V4(Ipv4Addr::new(169, 254, 169, 254))));
// Azure
assert!(is_metadata_endpoint(&IpAddr::V4(Ipv4Addr::new(168, 63, 129, 16))));
// Alibaba
assert!(is_metadata_endpoint(&IpAddr::V4(Ipv4Addr::new(100, 100, 100, 200))));
// Non-metadata
assert!(!is_metadata_endpoint(&IpAddr::V4(Ipv4Addr::new(8, 8, 8, 8))));
}
#[test]
fn test_is_metadata_hostname() {
assert!(is_metadata_hostname("metadata.google.internal"));
assert!(is_metadata_hostname("instance-data.google.internal"));
assert!(is_metadata_hostname("foo.metadata.google.internal"));
assert!(!is_metadata_hostname("example.com"));
assert!(!is_metadata_hostname("google.com"));
}
#[test]
fn test_validate_url_rejects_http() {
let result = validate_url("http://example.com/", false);
assert!(matches!(result, Err(UrlValidationError::InvalidScheme(_))));
}
#[test]
fn test_validate_url_rejects_ftp() {
let result = validate_url("ftp://example.com/", false);
assert!(matches!(result, Err(UrlValidationError::InvalidScheme(_))));
}
#[test]
fn test_validate_url_rejects_file() {
let result = validate_url("file:///etc/passwd", false);
assert!(matches!(result, Err(UrlValidationError::InvalidScheme(_))));
}
#[test]
fn test_validate_url_rejects_metadata_hostname() {
let result = validate_url("https://metadata.google.internal/", false);
assert!(matches!(result, Err(UrlValidationError::PrivateNetwork(_))));
}
}

361
crates/pdftract-core/tests/th_05_ssrf_block.rs Normal file
View file

@ -0,0 +1,361 @@
#![cfg(feature = "remote")]
//! TH-05: SSRF protection tests (Phase 1.8).
//!
//! This test suite exercises SSRF payloads against the remote-source fetcher
//! and the MCP extract tool. It asserts that dangerous URLs are refused with
//! the URL_PRIVATE_NETWORK diagnostic.
//!
//! Test categories:
//! - Cloud metadata endpoints (AWS, GCP, Azure, Alibaba)
//! - RFC 1918 private IPv4 ranges
//! - Loopback addresses
//! - Link-local addresses
//! - IPv6 ULA and loopback
//! - Non-https schemes (http, ftp, file)
//!
//! Each payload is tested against:
//! - CLI: `pdftract extract --url <payload>`
//! - MCP: extract tool with URL parameter
//! - Serve: POST /extract with URL
//!
//! With --allow-private-networks set, the same URLs are accepted.
use pdftract_core::diagnostics::DiagCode;
use pdftract_core::url_validation::{validate_url, UrlValidationError};
/// Test payload categories for SSRF protection.
struct TestPayload {
/// The URL to test
url: &'static str,
/// Expected error variant
expected_error: ExpectedError,
/// Description of what this tests
description: &'static str,
}
#[derive(Debug)]
enum ExpectedError {
InvalidScheme,
PrivateNetwork,
DnsFailed,
}
impl ExpectedError {
fn matches(&self, err: &UrlValidationError) -> bool {
match (self, err) {
(ExpectedError::InvalidScheme, UrlValidationError::InvalidScheme(_)) => true,
(ExpectedError::PrivateNetwork, UrlValidationError::PrivateNetwork(_)) => true,
(ExpectedError::DnsFailed, UrlValidationError::DnsFailed(_)) => true,
_ => false,
}
}
}
/// SSRF test payloads covering all dangerous categories.
const SSRF_PAYLOADS: &[TestPayload] = &[
// === Cloud metadata endpoints ===
TestPayload {
url: "https://169.254.169.254/",
expected_error: ExpectedError::PrivateNetwork,
description: "AWS metadata endpoint (169.254.169.254)",
},
TestPayload {
url: "https://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance",
expected_error: ExpectedError::PrivateNetwork,
description: "AWS metadata endpoint (full path)",
},
TestPayload {
url: "https://metadata.google.internal/",
expected_error: ExpectedError::PrivateNetwork,
description: "GCP metadata endpoint (hostname)",
},
TestPayload {
url: "https://instance-data.google.internal/",
expected_error: ExpectedError::PrivateNetwork,
description: "GCP instance metadata endpoint",
},
TestPayload {
url: "https://168.63.129.16/",
expected_error: ExpectedError::PrivateNetwork,
description: "Azure metadata endpoint (168.63.129.16)",
},
TestPayload {
url: "https://100.100.100.200/",
expected_error: ExpectedError::PrivateNetwork,
description: "Alibaba metadata endpoint (100.100.100.200)",
},
// === RFC 1918 private IPv4 ranges ===
TestPayload {
url: "https://10.0.0.1/",
expected_error: ExpectedError::PrivateNetwork,
description: "RFC 1918: 10.0.0.0/8 (lower bound)",
},
TestPayload {
url: "https://10.255.255.255/",
expected_error: ExpectedError::PrivateNetwork,
description: "RFC 1918: 10.0.0.0/8 (upper bound)",
},
TestPayload {
url: "https://172.16.0.1/",
expected_error: ExpectedError::PrivateNetwork,
description: "RFC 1918: 172.16.0.0/12 (lower bound)",
},
TestPayload {
url: "https://172.31.255.255/",
expected_error: ExpectedError::PrivateNetwork,
description: "RFC 1918: 172.16.0.0/12 (upper bound)",
},
TestPayload {
url: "https://192.168.1.1/",
expected_error: ExpectedError::PrivateNetwork,
description: "RFC 1918: 192.168.0.0/16",
},
TestPayload {
url: "https://192.168.255.255/",
expected_error: ExpectedError::PrivateNetwork,
description: "RFC 1918: 192.168.0.0/16 (upper bound)",
},
// === Loopback addresses ===
TestPayload {
url: "https://127.0.0.1/",
expected_error: ExpectedError::PrivateNetwork,
description: "Loopback: 127.0.0.1",
},
TestPayload {
url: "https://127.0.0.2/",
expected_error: ExpectedError::PrivateNetwork,
description: "Loopback: 127.0.0.2",
},
TestPayload {
url: "https://127.255.255.255/",
expected_error: ExpectedError::PrivateNetwork,
description: "Loopback: 127.255.255.255",
},
// === Link-local addresses ===
TestPayload {
url: "https://169.254.0.1/",
expected_error: ExpectedError::PrivateNetwork,
description: "IPv4 link-local: 169.254.0.1",
},
// === IPv6 ULA ===
TestPayload {
url: "https://[fd00::1]/",
expected_error: ExpectedError::PrivateNetwork, // IPv6 ULA is detected as private
description: "IPv6 ULA: fd00::1",
},
TestPayload {
url: "https://[fc00::1]/",
expected_error: ExpectedError::PrivateNetwork, // IPv6 ULA is detected as private
description: "IPv6 ULA: fc00::1",
},
// === IPv6 loopback ===
TestPayload {
url: "https://[::1]/",
expected_error: ExpectedError::PrivateNetwork,
description: "IPv6 loopback: ::1",
},
// === IPv6 link-local ===
TestPayload {
url: "https://[fe80::1]/",
expected_error: ExpectedError::PrivateNetwork, // IPv6 link-local is detected as private
description: "IPv6 link-local: fe80::1",
},
// === Non-https schemes ===
TestPayload {
url: "http://example.com/",
expected_error: ExpectedError::InvalidScheme,
description: "HTTP scheme (not https)",
},
TestPayload {
url: "ftp://example.com/",
expected_error: ExpectedError::InvalidScheme,
description: "FTP scheme",
},
TestPayload {
url: "file:///etc/passwd",
expected_error: ExpectedError::InvalidScheme,
description: "file:// scheme",
},
];
/// Public URLs that should be accepted (positive test).
const PUBLIC_URLS: &[&str] = &[
"https://example.com/",
"https://www.google.com/",
"https://github.com/",
"https://8.8.8.8/", // Public DNS
"https://1.1.1.1/", // Cloudflare DNS
];
#[test]
fn test_ssrf_protection_blocks_all_dangerous_payloads() {
for payload in SSRF_PAYLOADS {
let result = validate_url(payload.url, false);
assert!(
result.is_err(),
"URL should be rejected: {} ({})",
payload.url,
payload.description
);
let err = result.unwrap_err();
assert!(
payload.expected_error.matches(&err),
"URL '{}' ({}) expected {:?}, got {:?}",
payload.url,
payload.description,
payload.expected_error,
err
);
}
}
#[test]
fn test_allow_private_networks_bypass() {
for payload in SSRF_PAYLOADS {
// Skip scheme validation tests (those should always fail)
if matches!(payload.expected_error, ExpectedError::InvalidScheme) {
continue;
}
// Skip metadata endpoint tests (those should always fail for security)
if payload.description.contains("metadata") {
continue;
}
// With --allow-private-networks, private network URLs are accepted
let result = validate_url(payload.url, true);
match result {
Ok(_) => {
// URL is now accepted
}
Err(UrlValidationError::DnsFailed(_)) => {
// DNS resolution failure is OK in tests (no network)
}
Err(other) => {
panic!(
"URL '{}' ({}) should be accepted with --allow-private-networks, got: {:?}",
payload.url, payload.description, other
);
}
}
}
}
#[test]
fn test_public_urls_are_accepted() {
for url in PUBLIC_URLS {
// Note: These may fail with DnsFailed in offline test environments
let result = validate_url(url, false);
match result {
Ok(_) => {
// URL accepted
}
Err(UrlValidationError::DnsFailed(_)) => {
// OK in offline tests
}
Err(other) => {
panic!(
"Public URL '{}' should be accepted, got: {:?}",
url, other
);
}
}
}
}
#[test]
fn test_http_scheme_always_rejected() {
// Even with --allow-private-networks, http:// is rejected
let result = validate_url("http://127.0.0.1/", true);
assert!(matches!(result, Err(UrlValidationError::InvalidScheme(_))));
}
#[test]
fn test_file_scheme_always_rejected() {
let result = validate_url("file:///etc/passwd", true);
assert!(matches!(result, Err(UrlValidationError::InvalidScheme(_))));
}
#[test]
fn test_ftp_scheme_always_rejected() {
let result = validate_url("ftp://example.com/", true);
assert!(matches!(result, Err(UrlValidationError::InvalidScheme(_))));
}
#[test]
fn test_url_with_basic_auth_rejected() {
// URLs with embedded credentials should still be checked by host, not credentials
let result = validate_url("https://user:pass@127.0.0.1/", false);
assert!(matches!(result, Err(UrlValidationError::PrivateNetwork(_))));
}
#[test]
fn test_ipv6_zone_id_detected_as_link_local() {
// IPv6 zone IDs indicate link-local addresses
let result = validate_url("https://[fe80::1%eth0]/", false);
assert!(matches!(result, Err(UrlValidationError::PrivateNetwork(_))));
}
#[test]
fn test_metadata_subdomain_detected() {
// Subdomains of metadata endpoints should also be blocked
let result = validate_url("https://foo.metadata.google.internal/", false);
assert!(matches!(result, Err(UrlValidationError::PrivateNetwork(_))));
}
#[test]
fn test_url_validation_returns_correct_diagnostic_code() {
use pdftract_core::url_validation::validate_url_with_diagnostic;
let result = validate_url_with_diagnostic("https://127.0.0.1/", false);
assert!(result.is_err());
let diag = result.unwrap_err();
assert_eq!(diag.code, DiagCode::RemoteUrlPrivateNetwork);
}
#[test]
fn test_private_ipv4_boundary_addresses() {
// Test addresses just outside the private ranges
let public_addrs = &[
"172.15.255.255", // Just below 172.16.0.0/12
"172.32.0.1", // Just above 172.16.0.0/12
"192.167.255.255", // Just below 192.168.0.0/16
"192.169.0.1", // Just above 192.168.0.0/16
];
for addr in public_addrs {
let url = format!("https://{}/", addr);
let result = validate_url(&url, false);
// These should not be rejected as private network (may fail DNS in tests)
match result {
Ok(_) => {},
Err(UrlValidationError::DnsFailed(_)) => {},
Err(UrlValidationError::PrivateNetwork(msg)) => {
panic!("Public address {} should not be rejected as private: {}", addr, msg);
}
Err(_) => {},
}
}
}
#[test]
fn test_current_network_range_blocked() {
// 0.0.0.0/8 (current network) should be blocked
let result = validate_url("https://0.0.0.0/", false);
assert!(matches!(result, Err(UrlValidationError::PrivateNetwork(_))));
let result = validate_url("https://0.0.0.8/", false);
assert!(matches!(result, Err(UrlValidationError::PrivateNetwork(_))));
}