_ssrf_protection.py — langchain Source File

Architecture documentation for _ssrf_protection.py, a Python file in the langchain codebase. 6 imports, 0 dependents.

File python CoreAbstractions Serialization 6 imports 8 functions

Dependency Diagram

graph LR
  6fb7a68f_853f_57e8_3f88_3e2bbb67dcc0["_ssrf_protection.py"]
  62873f8b_8a94_85c2_95cc_97f5dd78db74["ipaddress"]
  6fb7a68f_853f_57e8_3f88_3e2bbb67dcc0 --> 62873f8b_8a94_85c2_95cc_97f5dd78db74
  9e98f0a7_ec6e_708f_4f1b_e9428b316e1c["os"]
  6fb7a68f_853f_57e8_3f88_3e2bbb67dcc0 --> 9e98f0a7_ec6e_708f_4f1b_e9428b316e1c
  bc14fe21_453e_4229_a3cd_5fe97513e015["socket"]
  6fb7a68f_853f_57e8_3f88_3e2bbb67dcc0 --> bc14fe21_453e_4229_a3cd_5fe97513e015
  8e2034b7_ceb8_963f_29fc_2ea6b50ef9b3["typing"]
  6fb7a68f_853f_57e8_3f88_3e2bbb67dcc0 --> 8e2034b7_ceb8_963f_29fc_2ea6b50ef9b3
  c89186be_3766_27dd_efaa_6092bf0ccc74["urllib.parse"]
  6fb7a68f_853f_57e8_3f88_3e2bbb67dcc0 --> c89186be_3766_27dd_efaa_6092bf0ccc74
  6e58aaea_f08e_c099_3cc7_f9567bfb1ae7["pydantic"]
  6fb7a68f_853f_57e8_3f88_3e2bbb67dcc0 --> 6e58aaea_f08e_c099_3cc7_f9567bfb1ae7
  style 6fb7a68f_853f_57e8_3f88_3e2bbb67dcc0 fill:#6366f1,stroke:#818cf8,color:#fff

Source Code

"""SSRF Protection for validating URLs against Server-Side Request Forgery attacks.

This module provides utilities to validate user-provided URLs and prevent SSRF attacks
by blocking requests to:
- Private IP ranges (RFC 1918, loopback, link-local)
- Cloud metadata endpoints (AWS, GCP, Azure, etc.)
- Localhost addresses
- Invalid URL schemes

Usage:
    from lc_security.ssrf_protection import validate_safe_url, is_safe_url

    # Validate a URL (raises ValueError if unsafe)
    safe_url = validate_safe_url("https://example.com/webhook")

    # Check if URL is safe (returns bool)
    if is_safe_url("http://192.168.1.1"):
        # URL is safe
        pass

    # Allow private IPs for development/testing (still blocks cloud metadata)
    safe_url = validate_safe_url("http://localhost:8080", allow_private=True)
"""

import ipaddress
import os
import socket
from typing import Annotated, Any
from urllib.parse import urlparse

from pydantic import (
    AnyHttpUrl,
    BeforeValidator,
    HttpUrl,
)

# Private IP ranges (RFC 1918, RFC 4193, RFC 3927, loopback)
PRIVATE_IP_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),  # Private Class A
    ipaddress.ip_network("172.16.0.0/12"),  # Private Class B
    ipaddress.ip_network("192.168.0.0/16"),  # Private Class C
    ipaddress.ip_network("127.0.0.0/8"),  # Loopback
    ipaddress.ip_network("169.254.0.0/16"),  # Link-local (includes cloud metadata)
    ipaddress.ip_network("0.0.0.0/8"),  # Current network
    ipaddress.ip_network("::1/128"),  # IPv6 loopback
    ipaddress.ip_network("fc00::/7"),  # IPv6 unique local
    ipaddress.ip_network("fe80::/10"),  # IPv6 link-local
    ipaddress.ip_network("ff00::/8"),  # IPv6 multicast
]

# Cloud provider metadata endpoints
CLOUD_METADATA_IPS = [
    "169.254.169.254",  # AWS, GCP, Azure, DigitalOcean, Oracle Cloud
    "169.254.170.2",  # AWS ECS task metadata
    "100.100.100.200",  # Alibaba Cloud metadata
]

CLOUD_METADATA_HOSTNAMES = [
    "metadata.google.internal",  # GCP
    "metadata",  # Generic
    # ... (302 more lines)
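
An added example, not code from langchain or from this page: a minimal sketch of the checks the module docstring describes, reusing the constants from the excerpt. The names classify_host, check_url and LOCALHOST_NAMES are hypothetical, only the two metadata hostnames visible in the excerpt are included, and hostnames are not resolved via DNS.

```python
import ipaddress
from urllib.parse import urlparse

# Values copied from the excerpt above.
PRIVATE_IP_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10",
    "ff00::/8",
)]
CLOUD_METADATA_IPS = {"169.254.169.254", "169.254.170.2", "100.100.100.200"}
CLOUD_METADATA_HOSTNAMES = {"metadata.google.internal", "metadata"}
LOCALHOST_NAMES = {"localhost"}  # assumption: not shown in the excerpt


def classify_host(host: str) -> str:
    """Return 'metadata', 'private', 'public' or 'hostname' (hypothetical)."""
    host = host.rstrip(".").lower()  # a trailing dot names the same host
    if host in CLOUD_METADATA_HOSTNAMES:
        return "metadata"
    if host in LOCALHOST_NAMES:
        return "private"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # not an IP literal; left unresolved in this sketch
    # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it carries.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # Metadata first: 100.100.100.200 lies outside every private range above.
    if str(ip) in CLOUD_METADATA_IPS:
        return "metadata"
    if any(ip in net for net in PRIVATE_IP_RANGES):
        return "private"
    return "public"


def check_url(url: str, allow_private: bool = False) -> bool:
    """True if the URL passes; metadata fails even with allow_private=True."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    kind = classify_host(parts.hostname)
    if kind == "metadata":
        return False
    if kind == "private":
        return allow_private
    return True  # 'public' literal, or a name a full validator would resolve
```

A validator used in production also has to resolve hostnames and apply the same classification to every address returned.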

Dependencies

  • ipaddress
  • os
  • pydantic
  • socket
  • typing
  • urllib.parse

Frequently Asked Questions

What does _ssrf_protection.py do?
_ssrf_protection.py is a source file in the langchain codebase, written in Python. It belongs to the CoreAbstractions domain, Serialization subdomain.
What functions are defined in _ssrf_protection.py?
_ssrf_protection.py defines 8 function(s): _validate_url_ssrf_https_only, _validate_url_ssrf_relaxed, _validate_url_ssrf_strict, is_cloud_metadata, is_localhost, is_private_ip, is_safe_url, validate_safe_url.
What does _ssrf_protection.py depend on?
_ssrf_protection.py imports 6 module(s): ipaddress, os, pydantic, socket, typing, urllib.parse.
Where is _ssrf_protection.py in the architecture?
_ssrf_protection.py is located at libs/core/langchain_core/_security/_ssrf_protection.py (domain: CoreAbstractions, subdomain: Serialization, directory: libs/core/langchain_core/_security).
