How to Check HTML for SSRF Threats in Python

Server-side request forgery (SSRF) attacks are designed to specifically target a server by sending back-end requests from vulnerable web applications. One way attackers can deploy these attacks is by injecting them into HTML; this will provide an opening to access unsafe local or network paths in the server environment. To guard against these threats, you can use the following API in Python to automatically detect them from HTML text.

Let’s begin by installing the Python SDK:

pip install cloudmersive-validate-api-client

Next, we can add the user-facing HTML input and API key into the following code:

from __future__ import print_function
import time
import cloudmersive_validate_api_client
from cloudmersive_validate_api_client.rest import ApiException
from pprint import pprint
# Configure API key authorization: Apikey
configuration = cloudmersive_validate_api_client.Configuration()
configuration.api_key['Apikey'] = 'YOUR_API_KEY'
# create an instance of the API class
api_instance = cloudmersive_validate_api_client.TextInputApi(cloudmersive_validate_api_client.ApiClient(configuration))
value = 'value_example' # str | User-facing HTML input.
try:
# Protect html input from Server-side Request Forgery (SSRF) attacks
api_response = api_instance.text_input_check_html_ssrf(value)
pprint(api_response)
except ApiException as e:
print("Exception when calling TextInputApi->text_input_check_html_ssrf: %s\n" % e)

The returned response will indicate if a threat was detected so you can address it immediately if needed!

There’s an API for that. Cloudmersive is a leader in Highly Scalable Cloud APIs.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store