ifcurl/ifcurl
Bruno Postle d076196bac service.py: SSRF protection — reject local transport, add --allowed-hosts
The preview endpoint is co-hosted with a specific Forgejo instance, so it
should only be allowed to fetch from that host.

- Local file transport (ifc:///path) is always rejected with 403 — the service
  must not read from the server's own filesystem
- New --allowed-hosts CLI option for `ifcurl serve` takes a comma-separated
  list of permitted git hostnames (e.g. git.example.com or localhost:3000);
  any unlisted host is rejected with 403
- Defense-in-depth: literal private/loopback/link-local IP addresses are
  blocked even without an allowlist (169.254.x.x, 127.x, RFC1918, etc.)
- README and forgejo/README.md updated to include --allowed-hosts in the
  standard deployment invocation

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-24 08:26:37 +01:00
..
__init__.py Preview service and improved CLI help 2026-04-15 21:46:50 +01:00
__main__.py service.py: SSRF protection — reject local transport, add --allowed-hosts 2026-04-24 08:26:37 +01:00
auth.py Authentication and test coverage 2026-04-15 23:21:13 +01:00
git.py Fix port preservation and HTTP fallback for local Gitea 2026-04-15 23:50:54 +01:00
py.typed Python core library and ifcurl CLI 2026-04-15 21:24:35 +01:00
render.py Fixes for render bugs 2026-04-22 00:22:35 +01:00
service.py service.py: SSRF protection — reject local transport, add --allowed-hosts 2026-04-24 08:26:37 +01:00
url.py Fix port preservation and HTTP fallback for local Gitea 2026-04-15 23:50:54 +01:00