🛡️ Sentinel: Harden SSRF protection and add security tests

[abhimehro]

Removed @lru_cache from validate_folder_url in main.py to mitigate TOCTOU (Time-of-Check Time-of-Use) vulnerabilities where DNS records could change between validation and fetch.

Added comprehensive tests in tests/test_security.py (merged with existing tests) to verify:

• HTTPS enforcement
• Rejection of private/loopback IPs (IPv4/IPv6)
• Blocking of localhost
• Safe handling of DNS failures

This ensures the SSRF protection mechanism is robust and verified by CI.

---

PR created automatically by Jules for task 13165274204186978288 started by @abhimehro

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[trunk-io]

Merging to main in this repository is managed by Trunk.

• To merge this pull request, check the box to the left or comment /trunk merge below.

[gemini-code-assist]

Summary of Changes

Hello @abhimehro, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly hardens the SSRF protection mechanism by eliminating a potential TOCTOU vulnerability related to DNS caching and by introducing a robust suite of security tests. The changes ensure that URL validations are always performed immediately before use, preventing malicious DNS record changes from being exploited, and that the system correctly blocks various forms of unauthorized access attempts.

Highlights

• TOCTOU Vulnerability Mitigation: The @lru_cache decorator was removed from the validate_folder_url function in main.py to prevent Time-of-Check Time-of-Use (TOCTOU) vulnerabilities, specifically DNS rebinding attacks, by ensuring validation occurs immediately before use.
• Enhanced Security Testing: Comprehensive security tests have been added to tests/test_security.py to rigorously verify the validate_folder_url function's SSRF protection. These tests cover HTTPS enforcement, rejection of private/loopback IPs (both resolved and literal), and safe handling of DNS failures.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request effectively hardens the application against Server-Side Request Forgery (SSRF) attacks by removing caching from the URL validation logic, which mitigates a Time-of-Check Time-of-Use (TOCTOU) vulnerability. The changes in main.py are correct and well-commented. The addition of a comprehensive security test suite in tests/test_security.py is a significant improvement, ensuring the SSRF protections are robust and verifiable. My review includes a few suggestions to further improve the new tests by using parametrization, which will enhance their readability and maintainability.

[gemini-code-assist]

This test can be made more concise and easier to extend by using pytest.mark.parametrize. This converts multiple assertions into a data-driven test, which is cleaner and provides better failure messages for individual cases.

Suggested change

	def test_rejects_non_https(self):
	assert main.validate_folder_url("http://example.com/foo") is False
	assert main.validate_folder_url("ftp://example.com/foo") is False
	assert main.validate_folder_url("file:///etc/passwd") is False
	@pytest.mark.parametrize("url", [
	"http://example.com/foo",
	"ftp://example.com/foo",
	"file:///etc/passwd",
	])
	def test_rejects_non_https(self, url):
	assert main.validate_folder_url(url) is False

[gemini-code-assist]

For a mock that should always return the same value regardless of arguments, using return_value is simpler and more direct than side_effect with a lambda. This improves readability.

Suggested change

	mock_gai.side_effect = lambda host, *args, **kwargs: mock_getaddrinfo_ipv4("8.8.8.8")
	mock_gai.return_value = mock_getaddrinfo_ipv4("8.8.8.8")

[gemini-code-assist]

The tests for private, loopback, and IPv6 loopback resolutions are very similar. They can be combined into a single, parametrized test. This reduces code duplication and makes the test suite easier to maintain and extend with more non-public IP cases in the future. This suggestion also simplifies the mock setup by using return_value instead of a side_effect with a lambda, which is more direct for this use case.

Suggested change

	@patch('socket.getaddrinfo')
	def test_rejects_private_ip_resolution(self, mock_gai):
	# Mock domain resolving to private IP (192.168.1.1)
	mock_gai.side_effect = lambda host, *args, **kwargs: mock_getaddrinfo_ipv4("192.168.1.1")
	assert main.validate_folder_url("https://internal.corp/foo") is False
	@patch('socket.getaddrinfo')
	def test_rejects_loopback_ip_resolution(self, mock_gai):
	# Mock domain resolving to loopback IP (127.0.0.1)
	mock_gai.side_effect = lambda host, *args, **kwargs: mock_getaddrinfo_ipv4("127.0.0.1")
	assert main.validate_folder_url("https://evil.com/foo") is False
	@patch('socket.getaddrinfo')
	def test_rejects_ipv6_loopback_resolution(self, mock_gai):
	# Mock domain resolving to IPv6 loopback (::1)
	mock_gai.side_effect = lambda host, *args, **kwargs: mock_getaddrinfo_ipv6("::1")
	assert main.validate_folder_url("https://ipv6.local/foo") is False
	@pytest.mark.parametrize("ip, mock_fn, url", [
	("192.168.1.1", mock_getaddrinfo_ipv4, "https://internal.corp/foo"),
	("127.0.0.1", mock_getaddrinfo_ipv4, "https://evil.com/foo"),
	("::1", mock_getaddrinfo_ipv6, "https://ipv6.local/foo"),
	])
	@patch('socket.getaddrinfo')
	def test_rejects_non_public_ip_resolution(self, mock_gai, ip, mock_fn, url):
	"""Tests that domains resolving to private or loopback IPs are rejected."""
	mock_gai.return_value = mock_fn(ip)
	assert main.validate_folder_url(url) is False

[gemini-code-assist]

This test can be made more concise and easier to extend by using pytest.mark.parametrize. This converts multiple assertions into a data-driven test, which is cleaner and provides better failure messages for individual cases.

Suggested change

	def test_rejects_ip_literal_private(self):
	# IP literals are checked directly via ipaddress module, bypassing DNS
	assert main.validate_folder_url("https://192.168.1.1/foo") is False
	assert main.validate_folder_url("https://10.0.0.1/foo") is False
	assert main.validate_folder_url("https://127.0.0.1/foo") is False
	assert main.validate_folder_url("https://[::1]/foo") is False
	@pytest.mark.parametrize("url", [
	"https://192.168.1.1/foo",
	"https://10.0.0.1/foo",
	"https://127.0.0.1/foo",
	"https://[::1]/foo",
	])
	def test_rejects_ip_literal_private(self, url):
	# IP literals are checked directly via ipaddress module, bypassing DNS
	assert main.validate_folder_url(url) is False

[gemini-code-assist]

This test can be made more concise and easier to extend by using pytest.mark.parametrize. This converts multiple assertions into a data-driven test.

Suggested change

	def test_accepts_ip_literal_public(self):
	assert main.validate_folder_url("https://8.8.8.8/foo") is True
	assert main.validate_folder_url("https://[2001:4860:4860::8888]/foo") is True
	@pytest.mark.parametrize("url", [
	"https://8.8.8.8/foo",
	"https://[2001:4860:4860::8888]/foo",
	])
	def test_accepts_ip_literal_public(self, url):
	assert main.validate_folder_url(url) is True

[github-advanced-security]

Pylintpython3 (reported by Codacy) found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

[github-advanced-security]

Pylint (reported by Codacy) found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

[Copilot]

Pull request overview

This PR strengthens SSRF (Server-Side Request Forgery) protection by removing the @lru_cache decorator from validate_folder_url to eliminate TOCTOU (Time-of-Check Time-of-Use) vulnerabilities arising from DNS rebinding attacks. The change ensures DNS resolution happens at validation time rather than using potentially stale cached results. Comprehensive security tests are added to verify the SSRF protection mechanisms.

Changes:

• Removed @lru_cache decorator and import to prevent caching of validation results
• Updated security comments explaining TOCTOU/DNS rebinding risks
• Added comprehensive test suite covering HTTPS enforcement, private/loopback IP rejection (IPv4/IPv6), public IP acceptance, and DNS failure handling

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
main.py	Removed lru_cache import, decorator, and cache clearing; added security comments explaining TOCTOU mitigation
tests/test_security.py	Added comprehensive SSRF protection tests including protocol validation, IP address checks, DNS resolution scenarios, and failure handling

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The comment states "Validation now happens per-fetch" but this is not entirely accurate. Looking at the _fetch_if_valid function below (lines 1058-1060), URLs that are already in the data cache (_cache) are returned directly without re-validation. This means validation does not happen per-fetch for cached URLs, which could still present a TOCTOU risk if DNS records change between syncs within the same process. Consider updating the comment to clarify that validation happens per-fetch for non-cached URLs, or document the accepted risk of using cached data without re-validation.