util.validation¶

General validation utilities for Trustpoint.

Attributes¶

`MIN_USER_PORT`
`MAX_PORT`
`STANDARD_HTTP_PORTS`
`STANDARD_HTTPS_PORTS`
`DANGEROUS_PORTS`

Exceptions¶

ValidationError

Raised when validation fails.

Functions¶

`validate_common_name_characters`(common_name)	Validate that the common name contains only safe characters and no URL-like constructs.
`validate_application_uri`(application_uri)	Validate that the application URI has a valid scheme and is not HTTP/HTTPS.
`_is_ip_blocked`(ip)	Check if an IP address is in a blocked range for SSRF prevention.
`_validate_webhook_scheme_and_host`(parsed)	Validate URL scheme and host.
`_validate_webhook_port`(parsed)	Validate URL port number for SSRF prevention.
`_validate_webhook_hostname_and_ip`(hostname)	Validate hostname and resolve to safe IP addresses.
`validate_webhook_url`(url)	Validate that the webhook URL is safe and doesn't allow SSRF attacks.

Module Contents¶

util.validation.MIN_USER_PORT = 1024[source]¶

util.validation.MAX_PORT = 65535[source]¶

util.validation.STANDARD_HTTP_PORTS = (80, 8080, 8888)[source]¶

util.validation.STANDARD_HTTPS_PORTS = (443, 8443)[source]¶

util.validation.DANGEROUS_PORTS[source]¶

exception util.validation.ValidationError[source]¶

Bases: Exception

Raised when validation fails.

util.validation.validate_common_name_characters(common_name)[source]¶

Validate that the common name contains only safe characters and no URL-like constructs.

Parameters:: common_name (str)
Return type:: None

util.validation.validate_application_uri(application_uri)[source]¶

Validate that the application URI has a valid scheme and is not HTTP/HTTPS.

Parameters:: application_uri (str)
Return type:: None

util.validation._is_ip_blocked(ip)[source]¶

Check if an IP address is in a blocked range for SSRF prevention.

Parameters:: ip (ipaddress.IPv4Address | ipaddress.IPv6Address)
Return type:: bool

util.validation._validate_webhook_scheme_and_host(parsed)[source]¶

Validate URL scheme and host.

Parameters:: parsed (urllib.parse.ParseResult)
Return type:: None

util.validation._validate_webhook_port(parsed)[source]¶

Validate URL port number for SSRF prevention.

Parameters:: parsed (urllib.parse.ParseResult)
Return type:: None

util.validation._validate_webhook_hostname_and_ip(hostname)[source]¶

Validate hostname and resolve to safe IP addresses.

Parameters:: hostname (str)
Return type:: None

util.validation.validate_webhook_url(url)[source]¶

Validate that the webhook URL is safe and doesn’t allow SSRF attacks.

Implements comprehensive SSRF protection following OWASP guidelines: - Input validation and sanitization - URL parsing and scheme validation - Port number restrictions - Hostname validation - DNS resolution and IP address validation - Blocking of private/internal networks

Parameters:: url (str)
Return type:: None