Title: TOCTOU Race Condition in SSRF Protection (DNS Rebinding Attack)
Severity: CRITICAL
Component: src/extension_shield/utils/http_safety.py (Lines 137-182)
Impact: Supply chain compromise in cloud deployments
Problem
The safe_get() function validates DNS resolution once, then requests.get() performs an independent second DNS resolution. An attacker can serve a public IP during validation and a private/cloud-metadata IP during the actual request.
❌ VULNERABLE CODE:

```python
import requests

# validate_outbound_url() is the module's own checker; safe_get()'s further
# parameters are elided in the original snippet and stood in by **kwargs here.
def safe_get(url, allowed_hosts, **kwargs):
    # First DNS resolution + validation
    validate_outbound_url(url, allowed_hosts)  # ✓ Resolves to 1.2.3.4
    # Second independent DNS resolution (VULNERABLE)
    response = requests.get(url, **kwargs)  # ❌ Can resolve to 169.254.169.254!
    return response
```
Attack Scenario
- Attacker controls attacker.com DNS
- First check: attacker.com → 1.2.3.4 (public IP) ✓ passes
- Request sent: attacker.com → 169.254.169.254 (AWS metadata)
- ExtensionShield gets: EC2 instance credentials, IAM tokens, etc.
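The fix for the gap described above is to make the validated answer the only answer the HTTP client ever uses: resolve the hostname once, reject the request unless every address returned is publicly routable, and then connect to that pinned address with the original hostname carried in the Host header. The following is an added example, not ExtensionShield's own code; `pin_url`, `resolve_and_validate`, `RebindingResolver` and the hostname `attacker.example` are all constructed for illustration. The `RebindingResolver` stand-in replays the two-answer DNS sequence from the scenario above so the vulnerable and pinned flows can be compared offline.

```python
"""Added example (not ExtensionShield's code): close the TOCTOU gap by resolving
the hostname once, validating that answer, and sending the request to exactly
that address, so the HTTP client never performs a second lookup."""
import ipaddress
import socket
from urllib.parse import urlsplit, urlunsplit

METADATA_IP = "169.254.169.254"  # cloud instance-metadata address named in the advisory


def is_public_ip(ip_str):
    """True only for globally routable unicast addresses: rejects loopback,
    RFC 1918, link-local (incl. 169.254.169.254), multicast, and IPv4-mapped
    IPv6 forms of those ranges."""
    ip = ipaddress.ip_address(ip_str)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:169.254.169.254 as the IPv4 it wraps
    return ip.is_global and not ip.is_multicast


def system_resolver(host):
    """Default resolver: every A/AAAA answer for host, as strings (one lookup)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def resolve_and_validate(host, resolver=system_resolver):
    """Resolve host exactly once and require every answer to be public.
    Returns the single address the request must be sent to."""
    addrs = resolver(host)
    if not addrs:
        raise ValueError(f"{host}: no DNS answers")
    rejected = [a for a in addrs if not is_public_ip(a)]
    if rejected:
        raise ValueError(f"{host} resolves to non-public address(es): {rejected}")
    return addrs[0]


def pin_url(url, resolver=system_resolver):
    """Return (url_with_ip, headers). The validated IP replaces the hostname so
    the client has nothing left to resolve; the name travels in the Host header."""
    parts = urlsplit(url)
    host = parts.hostname
    if host is None:
        raise ValueError("URL has no host")
    ip = resolve_and_validate(host, resolver)
    netloc = f"[{ip}]" if ":" in ip else ip
    if parts.port:
        netloc += f":{parts.port}"
    pinned = urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, parts.fragment))
    return pinned, {"Host": host}


class RebindingResolver:
    """Constructed stand-in for attacker-controlled DNS (the sequence above):
    the first lookup answers with a public IP, every later one with METADATA_IP."""

    def __init__(self):
        self.calls = 0

    def __call__(self, host):
        self.calls += 1
        return ["1.2.3.4"] if self.calls == 1 else [METADATA_IP]


def vulnerable_target(url, resolver):
    """Mirror of the flawed safe_get(): validate (lookup 1), then let the HTTP
    client resolve again (lookup 2). Returns the address the request would hit."""
    host = urlsplit(url).hostname
    resolve_and_validate(host, resolver)
    return resolver(host)[0]


def pinned_target(url, resolver):
    """Hardened flow: the address that passed validation is the address used."""
    pinned, _headers = pin_url(url, resolver)
    return urlsplit(pinned).hostname


if __name__ == "__main__":
    url = "http://attacker.example/payload"  # constructed hostname
    print("vulnerable flow connects to:", vulnerable_target(url, RebindingResolver()))
    print("pinned flow connects to:    ", pinned_target(url, RebindingResolver()))
```

Two caveats when wiring `pin_url` into a real client such as `requests`: for HTTPS, connecting to the IP literal breaks SNI and certificate hostname verification, so the transport must connect to the pinned address while still presenting and verifying the original hostname (a custom connection pool or adapter rather than a rewritten URL); and redirects must either be disabled or have every hop re-run through the same resolve-validate-pin step, since a 30x to an internal name reopens the hole.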