DripDrop.Hooks.URLGuard (DripDrop v0.1.0)

Validates outbound HTTP hook URLs to mitigate SSRF.

The guard enforces a scheme allowlist (https by default; http opt-in via config :dripdrop, :http_hook_allow_http, true), resolves the host to its IP addresses, and rejects any address inside a private, loopback, link-local, CGNAT, or unique-local range unless config :dripdrop, :http_hook_allow_private, true is set. Validation runs both at HttpHook create/update time and again after Liquid rendering inside the evaluator, since template variables can rewrite the host.
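A sketch of the checks described above, added here as an illustration and not DripDrop's own code: scheme allowlist, resolution of every address, range rejection, and validation of the rendered URL. The module name `URLGuardSketch`, the `allow_http` and `allow_private` options and the error atoms are assumptions, and a plain string replace stands in for Liquid rendering.

```elixir
defmodule URLGuardSketch do
  # Added illustration, not DripDrop's code; option names and error atoms are assumptions.
  import Bitwise
  # IPv4 ranges named above: private (three blocks), loopback, link-local, CGNAT.
  @blocked_v4 [{{10, 0, 0, 0}, 8}, {{172, 16, 0, 0}, 12}, {{192, 168, 0, 0}, 16},
               {{127, 0, 0, 0}, 8}, {{169, 254, 0, 0}, 16}, {{100, 64, 0, 0}, 10}]

  def validate(url, opts \\ []) do
    schemes = if opts[:allow_http], do: ["https", "http"], else: ["https"]
    uri = URI.parse(url || "")
    cond do
      uri.scheme not in schemes -> {:error, :scheme_not_allowed}
      uri.host in [nil, ""] -> {:error, :missing_host}
      true -> check(resolve(uri.host), opts[:allow_private])
    end
  end

  # Collect every A and AAAA answer; a single blocked address rejects the URL.
  defp resolve(host) do
    for family <- [:inet, :inet6],
        {:ok, addrs} <- [:inet.getaddrs(String.to_charlist(host), family)],
        addr <- addrs,
        do: addr
  end

  defp check([], _), do: {:error, :unresolvable_host}
  defp check(addrs, allow_private) do
    if !allow_private and Enum.any?(addrs, &blocked?/1), do: {:error, :private_address}, else: :ok
  end

  defp blocked?({_, _, _, _} = ip), do: Enum.any?(@blocked_v4, &in_cidr?(ip, &1))
  # IPv4-mapped IPv6 (::ffff:a.b.c.d) is checked as the IPv4 address it carries.
  defp blocked?({0, 0, 0, 0, 0, 0xFFFF, hi, lo}), do: blocked?({hi >>> 8, hi &&& 0xFF, lo >>> 8, lo &&& 0xFF})
  # ::1 loopback, fc00::/7 unique-local, fe80::/10 link-local.
  defp blocked?({0, 0, 0, 0, 0, 0, 0, 1}), do: true
  defp blocked?({w, _, _, _, _, _, _, _}), do: (w &&& 0xFE00) == 0xFC00 or (w &&& 0xFFC0) == 0xFE80

  # Compare the first `len` bits of the address with the network prefix.
  defp in_cidr?({a, b, c, d}, {{na, nb, nc, nd}, len}) do
    <<ip::size(len), _::bitstring>> = <<a, b, c, d>>
    <<net::size(len), _::bitstring>> = <<na, nb, nc, nd>>
    ip == net
  end
end

# Constructed sample: the host comes from a template variable, so the rendered URL is what gets checked.
for host <- ["127.0.0.1", "[::1]", "169.254.169.254"] do
  IO.inspect(URLGuardSketch.validate(String.replace("https://{{ host }}/hook", "{{ host }}", host)))
end
```

The sketch checks only the addresses returned at validation time; the HTTP client performs its own lookup when it fetches.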

Functions

validate(url, opts \\ [])

@spec validate(
  binary() | nil,
  keyword()
) :: :ok | {:error, atom()}

Returns :ok if url is safe to fetch, otherwise {:error, reason}.

Pass req_options: (a keyword list of Req options) to opt out when the caller is using Req.Test stubbing. Stubbing bypasses real DNS, so the guard can't resolve example fixtures.