validDns function rewrite #1
Reference: mike/fastapi#1
As stated, validDns function needs rewrite
In a fair world, the preprod would mimic the prod env :D
71143ee238
small test result
The moment this is rolled out into production, check whether all callback formats pass the new checks (whitelisting characters and ports).
When deploying py requests in the call script, it should validate the domain again before calling, to protect from DNS rebinding. Also, requests needs to have following redirections disabled.
DNS rebinding protection needs to be implemented.
Two consecutive calls to socket.getaddrinfo aren't guaranteed to return the same info, depending on the system configuration. If the "safe"-looking record TTLs between the verification lookup and the lookup for actually opening the socket, we may end up connecting to a very different server than the one we OK'd!
Advocate gets around this by only using one getaddrinfo call for both verification and connecting the socket. In pseudocode:
```python
import socket

def connect_socket(host, port):
    # Resolve once and connect with the very same result that was checked,
    # so no second lookup can hand back a different address.
    for res in socket.getaddrinfo(host, port, 0, socket.SOCK_STREAM):
        # `res` is (family, type, proto, canonname, sockaddr); sockaddr[0] is the IP for the host
        if not is_blacklisted(res):
            # ... connect the socket using `res`
            sock = socket.socket(res[0], res[1], res[2])
            sock.connect(res[4])
            return sock
```
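As an added example (not the project's validDns code, nor Advocate's), the two pieces this thread asks for: a character and port whitelist for the callback URL, and a single pinned getaddrinfo lookup whose vetted addresses are the only ones the caller may connect to, so a record that changes between lookups (DNS rebinding) is never used. The HTTPS-only scheme policy, the port list and the helper names are assumptions for this example.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

# Assumed policy (not taken from the project): HTTPS only, explicit port
# whitelist, plain LDH hostnames (letters, digits, hyphen; no leading/trailing hyphen).
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {443, 8443}
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_public_address(ip_text):
    """True only for addresses a callback may legitimately point at."""
    ip = ipaddress.ip_address(ip_text)
    # Unwrap IPv4-mapped IPv6 (e.g. ::ffff:10.0.0.1) so it is judged as IPv4.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def valid_callback_url(url):
    """Scheme, port and every hostname label must be on the whitelist."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    if parts.username or parts.password:
        return False
    try:
        port = parts.port if parts.port is not None else 443
    except ValueError:  # non-numeric or out-of-range port
        return False
    if port not in ALLOWED_PORTS or len(parts.hostname) > 253:
        return False
    return all(LABEL_RE.match(label) for label in parts.hostname.rstrip(".").split("."))


def resolve_pinned(host, port, resolver=socket.getaddrinfo):
    """Resolve exactly once and return the vetted (family, type, proto, sockaddr) tuples.

    The caller must connect to these sockaddrs directly (socket.socket(family,
    type, proto).connect(sockaddr)) instead of passing the hostname to another
    lookup; `resolver` is injectable so the filter can be tested offline."""
    vetted = []
    for family, socktype, proto, _canon, sockaddr in resolver(host, port, 0, socket.SOCK_STREAM):
        if is_public_address(sockaddr[0]):
            vetted.append((family, socktype, proto, sockaddr))
    return vetted
```

When the vetted socket is handed to an HTTP client, the request must still carry the original hostname in the Host header and SNI, and redirects must stay disabled, otherwise the response can steer the client to an unchecked address.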