idunno.Security.Ssrf
5.3.0
dotnet add package idunno.Security.Ssrf --version 5.3.0
NuGet\Install-Package idunno.Security.Ssrf -Version 5.3.0
<PackageReference Include="idunno.Security.Ssrf" Version="5.3.0" />
<PackageVersion Include="idunno.Security.Ssrf" Version="5.3.0" />
<PackageReference Include="idunno.Security.Ssrf" />
paket add idunno.Security.Ssrf --version 5.3.0
#r "nuget: idunno.Security.Ssrf, 5.3.0"
#:package idunno.Security.Ssrf@5.3.0
#addin nuget:?package=idunno.Security.Ssrf&version=5.3.0
#tool nuget:?package=idunno.Security.Ssrf&version=5.3.0
idunno.Security.Ssrf
A .NET library to help mitigate Server Side Request Forgery (SSRF) vulnerabilities in .NET applications that use HttpClient or ClientWebSocket.
Key Features
- Mitigates common SSRF vulnerabilities in .NET applications that use HttpClient or ClientWebSocket.
- Supports both IPv4 and IPv6 addresses.
- Allows for extra IP ranges and addresses to be added to the default block list.
Getting Started
Add the idunno.Security.Ssrf package to your project, and then, when you create an HttpClient, add an instance of the handler
to the message handler pipeline.
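```csharp
// The handler created by the factory sits in the HttpClient's message handler pipeline.
using (var httpClient = new HttpClient(SsrfSocketsHttpHandlerFactory.Create()))
{
    // Uri needs an absolute URI, so the scheme is included.
    _ = await httpClient.GetAsync(new Uri("https://bad.ssl.fail")).ConfigureAwait(false);
}
```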
If you want to protect a ClientWebSocket, you can pass an HttpClient created with the handler as the invoker parameter of
ConnectAsync().
```csharp
using (var clientWebSocket = new ClientWebSocket())
using (var httpClient = new HttpClient(SsrfSocketsHttpHandlerFactory.Create()))
{
    await clientWebSocket.ConnectAsync(
        uri: new Uri("wss://echo.websocket.org"),
        invoker: httpClient);
}
```
If the SSRF handler encounters anything unsafe it will throw an SsrfException.
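To show what an IP block list covering both IPv4 and IPv6 has to check, the following added example (not code from idunno.Security.Ssrf or its author) builds a plain SocketsHttpHandler whose ConnectCallback validates every resolved address before connecting. The class name, method names and sample ranges are assumptions chosen for illustration; the library's own defaults and API may differ.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Sockets;

// Illustrative only: names and ranges are assumptions, not the library's API or defaults.
public static class BlockListHandler
{
    // Constructed sample block list with IPv4 and IPv6 internal ranges.
    private static readonly IPNetwork[] DefaultBlocked =
    [
        IPNetwork.Parse("0.0.0.0/8"), IPNetwork.Parse("10.0.0.0/8"),
        IPNetwork.Parse("127.0.0.0/8"), IPNetwork.Parse("169.254.0.0/16"),
        IPNetwork.Parse("172.16.0.0/12"), IPNetwork.Parse("192.168.0.0/16"),
        IPNetwork.Parse("::1/128"), IPNetwork.Parse("fc00::/7"), IPNetwork.Parse("fe80::/10"),
    ];

    public static bool IsBlocked(IPAddress address, IEnumerable<IPNetwork> extraRanges)
    {
        // ::ffff:10.0.0.1 must be judged as 10.0.0.1, or the IPv4 rules are bypassed.
        if (address.IsIPv4MappedToIPv6) address = address.MapToIPv4();
        return DefaultBlocked.Concat(extraRanges).Any(range => range.Contains(address));
    }

    public static SocketsHttpHandler Create(params IPNetwork[] extraRanges) => new()
    {
        // Check at connect time so the address validated is the address connected to.
        ConnectCallback = async (context, cancellationToken) =>
        {
            IPAddress[] addresses = await Dns.GetHostAddressesAsync(context.DnsEndPoint.Host, cancellationToken);
            if (addresses.Length == 0 || addresses.Any(a => IsBlocked(a, extraRanges)))
                throw new HttpRequestException($"Refusing to connect to {context.DnsEndPoint.Host}");

            var socket = new Socket(SocketType.Stream, ProtocolType.Tcp) { NoDelay = true };
            try
            {
                await socket.ConnectAsync(addresses, context.DnsEndPoint.Port, cancellationToken);
                return new NetworkStream(socket, ownsSocket: true);
            }
            catch
            {
                socket.Dispose();
                throw;
            }
        }
    };
}
```

If a proxy is configured, the callback sees the proxy's endpoint rather than the target's, so this check assumes direct connections.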
Please see the full README and the documentation for more details.
The CHANGELOG has a full list of changes in each version.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 is compatible. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
- net10.0
  - Microsoft.Extensions.DependencyInjection (>= 10.0.0)
  - Microsoft.Extensions.Logging.Abstractions (>= 10.0.5)
  - OpenTelemetry.Extensions.Hosting (>= 1.15.3)
- net8.0
  - Microsoft.Extensions.DependencyInjection (>= 8.0.0)
  - Microsoft.Extensions.Logging.Abstractions (>= 10.0.5)
  - OpenTelemetry.Extensions.Hosting (>= 1.15.3)
- net9.0
  - Microsoft.Extensions.DependencyInjection (>= 9.0.0)
  - Microsoft.Extensions.Logging.Abstractions (>= 10.0.5)
  - OpenTelemetry.Extensions.Hosting (>= 1.15.3)
NuGet packages (1)
Showing the top 1 NuGet packages that depend on idunno.Security.Ssrf:
| Package | Downloads |
|---|---|
| idunno.AtProto: .NET client for ATProto. | |
GitHub repositories
This package is not used by any popular GitHub repositories.