Module io.github.pixee.security
Package io.github.pixee.security

Interface HostValidator

  • public interface HostValidator
    A type that validates hosts to be connected.

    • Field Detail

      • DENY_COMMON_INFRASTRUCTURE_TARGETS

        static final HostValidator DENY_COMMON_INFRASTRUCTURE_TARGETS
        A HostValidator that prevents access to common infrastructure targets. Right now this only includes likely gateway IP address and AWS Metadata services host, but hopefully over time we can identify more. Note that changes to this set should also include the "integer" version of the IP address, which can be generated with utilities on the web.

    • Method Detail

      • isAllowed

        boolean isAllowed​(java.lang.String host)
        Decide whether a host is allowed to be reached
        Parameters:
        host - the host of a URL
        Returns:
        true, if the application can connect to the host, false otherwise

      • fromAllowedHostPattern

        static HostValidator fromAllowedHostPattern​(java.util.regex.Pattern allowPattern)
        Return a HostValidator that will validate the host name against the "allowPattern".
        Parameters:
        allowPattern - the pattern that describes allowed hosts
        Returns:
        a validator based on the given host pattern

      • fromAllowedHostDomain

        static HostValidator fromAllowedHostDomain​(java.lang.String domainName)
        Return a HostValidator that will assure a given domain is within the allowed domain. For example, given a domain of "good.com", this validator will allow "good.com", "www.good.com", "internal.good.com", etc.
        Parameters:
        domainName - the domain to allow, e.g., "good.com", or "internal-host"
        Returns:
        a validator that will only allow hosts within the given domain space