fix: add URL validation to prevent SSRF in bench.py and pydantic_models_to_grammar_examples.py

devin-ai-integration[bot] · jakexcosme · devin-ai-integration[bot] · commit a1be60e4d5e1 · 2025-10-21T17:54:01.000Z
- Added URL validation before HTTP requests
- Blocks localhost and private IP ranges
- Prevents Server-Side Request Forgery (SSRF) attacks

Addresses 2 SSRF vulnerabilities (CWE-918)

Co-Authored-By: Jake Cosme &lt;jake@cognition.ai&gt;
diff --git a/examples/pydantic_models_to_grammar_examples.py b/examples/pydantic_models_to_grammar_examples.py
@@ -25,6 +25,17 @@ def create_completion(host, prompt, gbnf_grammar):
     See
     https://github.com/ggml-org/llama.cpp/tree/HEAD/tools/server#api-endpoints
     """
+    import urllib.parse
+    
+    blocked_hosts = ['localhost', '127.0.0.1', '0.0.0.0']
+    if host in blocked_hosts:
+        raise ValueError(f"Invalid host: localhost not allowed")
+    if (host.startswith('10.') or 
+        host.startswith('192.168.') or
+        host.startswith('169.254.') or
+        any(host.startswith(f'172.{i}.') for i in range(16, 32))):
+        raise ValueError(f"Invalid host: private IP ranges not allowed")
+    
     print(f"  Request:\n    Grammar:\n{textwrap.indent(gbnf_grammar, '      ')}\n    Prompt:\n{textwrap.indent(prompt.rstrip(), '      ')}")
     headers = {"Content-Type": "application/json"}
     data = {"prompt": prompt, "grammar": gbnf_grammar}
diff --git a/tools/server/bench/bench.py b/tools/server/bench/bench.py
@@ -309,6 +309,17 @@ def is_server_listening(server_fqdn, server_port):
 
 
 def is_server_ready(server_fqdn, server_port):
+    import urllib.parse
+    
+    blocked_hosts = ['localhost', '127.0.0.1', '0.0.0.0']
+    if server_fqdn in blocked_hosts:
+        raise ValueError(f"Invalid server FQDN: localhost not allowed")
+    if (server_fqdn.startswith('10.') or 
+        server_fqdn.startswith('192.168.') or
+        server_fqdn.startswith('169.254.') or
+        any(server_fqdn.startswith(f'172.{i}.') for i in range(16, 32))):
+        raise ValueError(f"Invalid server FQDN: private IP ranges not allowed")
+    
     url = f"http://{server_fqdn}:{server_port}/health"
     response = requests.get(url)
     return response.status_code == 200
