validate_safe_url() — langchain Function Reference
Architecture documentation for the validate_safe_url() function in _ssrf_protection.py from the langchain codebase.
Dependency Diagram
graph TD
    6c828a82_ad0c_f5f1_d776_92c196a03eaf["validate_safe_url()"]
    76eef743_34da_b2b6_eda1_09a024269dbd["_ssrf_protection.py"]
    6c828a82_ad0c_f5f1_d776_92c196a03eaf -->|defined in| 76eef743_34da_b2b6_eda1_09a024269dbd
    e2a2ad8d_3007_a96a_a496_583f379150e4["is_safe_url()"]
    e2a2ad8d_3007_a96a_a496_583f379150e4 -->|calls| 6c828a82_ad0c_f5f1_d776_92c196a03eaf
    04d6ee76_020e_bf7e_0a19_fd6d4814735e["_validate_url_ssrf_strict()"]
    04d6ee76_020e_bf7e_0a19_fd6d4814735e -->|calls| 6c828a82_ad0c_f5f1_d776_92c196a03eaf
    964f5ab0_1ffa_e157_efaa_5a14dc47f1e0["_validate_url_ssrf_https_only()"]
    964f5ab0_1ffa_e157_efaa_5a14dc47f1e0 -->|calls| 6c828a82_ad0c_f5f1_d776_92c196a03eaf
    d880c4e7_f4e7_50c3_e4c3_8334dc609dac["_validate_url_ssrf_relaxed()"]
    d880c4e7_f4e7_50c3_e4c3_8334dc609dac -->|calls| 6c828a82_ad0c_f5f1_d776_92c196a03eaf
    b037f749_0dbd_866d_b123_d0a75dc719aa["is_cloud_metadata()"]
    6c828a82_ad0c_f5f1_d776_92c196a03eaf -->|calls| b037f749_0dbd_866d_b123_d0a75dc719aa
    1360012e_a2fc_367c_8e20_7b85ad1e7484["is_localhost()"]
    6c828a82_ad0c_f5f1_d776_92c196a03eaf -->|calls| 1360012e_a2fc_367c_8e20_7b85ad1e7484
    78b5bfcb_22e1_e889_17e4_76955dcd9a95["is_private_ip()"]
    6c828a82_ad0c_f5f1_d776_92c196a03eaf -->|calls| 78b5bfcb_22e1_e889_17e4_76955dcd9a95
    style 6c828a82_ad0c_f5f1_d776_92c196a03eaf fill:#6366f1,stroke:#818cf8,color:#fff
Source Code
libs/core/langchain_core/_security/_ssrf_protection.py lines 138–253
def validate_safe_url(
    url: str | AnyHttpUrl,
    *,
    allow_private: bool = False,
    allow_http: bool = True,
) -> str:
    """Validate a URL for SSRF protection.

    This function validates URLs to prevent Server-Side Request Forgery (SSRF) attacks
    by blocking requests to private networks and cloud metadata endpoints.

    Args:
        url: The URL to validate (string or Pydantic HttpUrl)
        allow_private: If True, allows private IPs and localhost (for development).
            Cloud metadata endpoints are ALWAYS blocked.
        allow_http: If True, allows both HTTP and HTTPS. If False, only HTTPS.

    Returns:
        The validated URL as a string

    Raises:
        ValueError: If URL is invalid or potentially dangerous

    Examples:
        >>> validate_safe_url("https://hooks.slack.com/services/xxx")
        'https://hooks.slack.com/services/xxx'

        >>> validate_safe_url("http://127.0.0.1:8080")
        ValueError: Localhost URLs are not allowed

        >>> validate_safe_url("http://192.168.1.1")
        ValueError: URL resolves to private IP: 192.168.1.1

        >>> validate_safe_url("http://169.254.169.254/latest/meta-data/")
        ValueError: URL resolves to cloud metadata IP: 169.254.169.254

        >>> validate_safe_url("http://localhost:8080", allow_private=True)
        'http://localhost:8080'
    """
    url_str = str(url)
    parsed = urlparse(url_str)

    # Validate URL scheme
    if not allow_http and parsed.scheme != "https":
        msg = "Only HTTPS URLs are allowed"
        raise ValueError(msg)

    if parsed.scheme not in ("http", "https"):
        msg = f"Only HTTP/HTTPS URLs are allowed, got scheme: {parsed.scheme}"
        raise ValueError(msg)

    # Extract hostname
    hostname = parsed.hostname
    if not hostname:
        msg = "URL must have a valid hostname"
        raise ValueError(msg)

    # Special handling for test environments - allow test server hostnames
    # testserver is used by FastAPI/Starlette test clients and doesn't resolve via DNS
    # Only enabled when LANGCHAIN_ENV=local_test (set in conftest.py)
    if (
        os.environ.get("LANGCHAIN_ENV") == "local_test"
        and hostname.startswith("test")
        and "server" in hostname
    ):
        return url_str

    # ALWAYS block cloud metadata endpoints (even with allow_private=True)
    if is_cloud_metadata(hostname):
        msg = f"Cloud metadata endpoints are not allowed: {hostname}"
        raise ValueError(msg)

    # Check for localhost
    if is_localhost(hostname) and not allow_private:
        msg = f"Localhost URLs are not allowed: {hostname}"
        raise ValueError(msg)

    # Resolve hostname to IP addresses and validate each one.
    # Note: DNS resolution results are cached by the OS, so repeated calls are fast.
    try:
        # Get all IP addresses for this hostname
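
The listing above stops at the `try:` that begins the resolution step. As an added example (not langchain's code), the following shows one way to implement "resolve the hostname and validate each address", using the standard `ipaddress` module in place of the project's `is_private_ip()` and `is_cloud_metadata()` helpers. The names `check_resolved_ips`, `fake_resolver`, `METADATA_IPS` and the `*.example` DNS table are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Assumption: one well-known metadata address; the project's own list is not on the page.
METADATA_IPS = {"169.254.169.254"}

def check_resolved_ips(url, *, allow_private=False, resolver=socket.getaddrinfo):
    """Resolve the URL's host and reject it if ANY returned address is unsafe."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        raise ValueError("Only HTTP/HTTPS URLs with a hostname are allowed")
    port = parsed.port or (443 if parsed.scheme == "https" else 80)
    try:
        infos = resolver(parsed.hostname, port, socket.AF_UNSPEC, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        raise ValueError(f"Failed to resolve hostname: {parsed.hostname}") from exc
    ips = sorted({info[4][0] for info in infos})  # A and AAAA records, de-duplicated
    for ip_str in ips:
        ip = ipaddress.ip_address(ip_str.split("%", 1)[0])  # drop any IPv6 zone id
        # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the IPv4 address it carries.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        # Metadata check comes first so allow_private can never unlock it.
        if str(ip) in METADATA_IPS:
            raise ValueError(f"URL resolves to cloud metadata IP: {ip}")
        if not allow_private and (ip.is_loopback or ip.is_private or ip.is_link_local):
            raise ValueError(f"URL resolves to private IP: {ip}")
    return ips  # vetted addresses; a caller can connect to these directly

def fake_resolver(records):
    """Build a getaddrinfo-shaped resolver from a constructed host -> IPs table."""
    def _resolve(host, port, family=0, type_=0):
        if host not in records:
            raise socket.gaierror(socket.EAI_NONAME, "constructed: unknown host")
        return [(socket.AF_INET6 if ":" in ip else socket.AF_INET, type_, 6, "", (ip, port))
                for ip in records[host]]
    return _resolve

# Constructed DNS answers so the example runs offline.
SAMPLE_DNS = fake_resolver({
    "public.example": ["93.184.216.34"],
    "mixed.example": ["93.184.216.34", "10.0.0.5"],  # one public, one internal record
    "meta.example": ["169.254.169.254"],
    "mapped.example": ["::ffff:127.0.0.1"],
})

if __name__ == "__main__":
    print(check_resolved_ips("https://public.example/hook", resolver=SAMPLE_DNS))
```

Returning the vetted addresses lets a caller connect to one of them directly instead of resolving the name a second time at request time.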
Frequently Asked Questions
What does validate_safe_url() do?
validate_safe_url() is a function in the langchain codebase, defined in libs/core/langchain_core/_security/_ssrf_protection.py.
Where is validate_safe_url() defined?
validate_safe_url() is defined in libs/core/langchain_core/_security/_ssrf_protection.py at line 138.
What does validate_safe_url() call?
validate_safe_url() calls 3 function(s): is_cloud_metadata, is_localhost, is_private_ip.
What calls validate_safe_url()?
validate_safe_url() is called by 4 function(s): _validate_url_ssrf_https_only, _validate_url_ssrf_relaxed, _validate_url_ssrf_strict, is_safe_url.