Skip to content

Latest commit

 

History

History
179 lines (156 loc) · 14.6 KB

mitigations.md

File metadata and controls

179 lines (156 loc) · 14.6 KB

Mitigation Strategies Analysis for psf/requests

Mitigation Strategy: Regularly Update requests and its Dependencies

  • Mitigation Strategy: Regularly Update requests and its Dependencies
  • Description:
    1. Identify Dependencies: Use dependency management tools (like pipenv, poetry, or pip freeze) to list project dependencies, including requests.
    2. Check for Updates: Regularly check for new versions of requests using tools like pip list --outdated or vulnerability scanners.
    3. Review Release Notes: Before updating, review release notes for security patches and bug fixes in requests.
    4. Update Dependencies: Use dependency management tools to update to the latest stable requests version (e.g., pip install --upgrade requests).
    5. Test Thoroughly: After updating, run tests to ensure no regressions are introduced.
  • Threats Mitigated:
    • Exploitation of Known Vulnerabilities (High Severity): Outdated requests versions may contain known security flaws.
  • Impact:
    • Exploitation of Known Vulnerabilities: Significantly reduces risk by patching known vulnerabilities in requests.
  • Currently Implemented: Yes, using requirements.txt and manual pip install --upgrade during development and deployment.
  • Missing Implementation: Automation of requests updates in CI/CD pipeline is missing.

Mitigation Strategy: Vulnerability Scanning of Dependencies

  • Mitigation Strategy: Vulnerability Scanning of Dependencies
  • Description:
    1. Choose a Scanner: Select a vulnerability scanning tool (e.g., Snyk, OWASP Dependency-Check, GitHub Dependency Scanning).
    2. Integrate Scanner: Integrate the scanner into the development pipeline (e.g., CI/CD).
    3. Configure Scanner: Configure the scanner to analyze project dependencies, including requests.
    4. Run Scans Regularly: Schedule regular scans to detect vulnerabilities in requests and its dependencies.
    5. Review Scan Results: Analyze scan results to identify reported vulnerabilities in requests.
    6. Prioritize and Remediate: Prioritize and remediate vulnerabilities by updating requests or applying patches.
  • Threats Mitigated:
    • Exploitation of Known Vulnerabilities (High Severity): Proactively identifies vulnerabilities in requests before exploitation.
  • Impact:
    • Exploitation of Known Vulnerabilities: Significantly reduces risk by enabling proactive patching of requests vulnerabilities.
  • Currently Implemented: No, vulnerability scanning is not currently integrated into the project.
  • Missing Implementation: Vulnerability scanning needs to be implemented in the CI/CD pipeline to scan requests dependencies.

Mitigation Strategy: Explicitly Set TLS Version in requests

  • Mitigation Strategy: Explicitly Set TLS Version in requests
  • Description:
    1. Import Modules: Import necessary modules from requests and urllib3 for TLS configuration.
    2. Create Session: Instantiate a requests.Session object.
    3. Create SSL Context: Use create_urllib3_context(ssl_version=PROTOCOL_TLSv1_2) to create an SSL context enforcing TLSv1.2 (or higher).
    4. Create HTTPAdapter with Context: Instantiate HTTPAdapter and pass the SSL context using ssl_context parameter.
    5. Mount Adapter to Session: Mount the HTTPAdapter to the https:// scheme using session.mount('https://', adapter).
    6. Use Session for HTTPS: Use the configured session for all HTTPS requests in the application to enforce the TLS version.
  • Threats Mitigated:
    • Downgrade Attacks (Medium Severity): Prevents attackers from forcing requests to use older, less secure TLS versions.
  • Impact:
    • Downgrade Attacks: Significantly reduces risk by enforcing a minimum secure TLS version for requests connections.
  • Currently Implemented: No, TLS version is not explicitly set in requests configuration.
  • Missing Implementation: TLS version enforcement needs to be implemented in the requests session configuration.

Mitigation Strategy: Enforce Certificate Verification in requests

  • Mitigation Strategy: Enforce Certificate Verification in requests
  • Description:
    1. Ensure verify=True (Default): When using requests, ensure the verify parameter is True (default) or not explicitly set.
    2. Avoid verify=False: Never set verify=False in production code when using requests.
    3. Optional: Specify CA Bundle: For stricter control, provide a CA bundle file path to the verify parameter (e.g., verify='/path/to/ca_bundle.pem') when using requests.
  • Threats Mitigated:
    • Man-in-the-Middle (MITM) Attacks (High Severity): Prevents MITM attacks by ensuring requests verifies server certificates.
  • Impact:
    • Man-in-the-Middle (MITM) Attacks: Significantly reduces risk by ensuring server identity is verified by requests.
  • Currently Implemented: Yes, certificate verification is enabled by default in requests.
  • Missing Implementation: N/A - Currently implemented by default behavior of requests.

Mitigation Strategy: Hostname Verification in requests

  • Mitigation Strategy: Hostname Verification in requests
  • Description:
    1. Ensure verify=True (Default): Hostname verification is automatically enabled in requests when verify=True.
    2. Do Not Disable verify: Avoid disabling verify=False in requests as it disables hostname verification.
  • Threats Mitigated:
    • Man-in-the-Middle (MITM) Attacks (High Severity): Prevents MITM attacks by ensuring requests verifies certificate hostname.
  • Impact:
    • Man-in-the-Middle (MITM) Attacks: Significantly reduces risk by ensuring certificate is valid for the requested hostname in requests.
  • Currently Implemented: Yes, hostname verification is enabled by default in requests when certificate verification is enabled.
  • Missing Implementation: N/A - Currently implemented by default behavior of requests.

Mitigation Strategy: Input Validation and Sanitization for URLs used in requests

  • Mitigation Strategy: Input Validation and Sanitization for URLs used in requests
  • Description:
    1. Identify User Input URLs: Locate code where URLs for requests are from user input.
    2. URL Scheme Validation: Validate URL schemes are https:// (or http:// if needed) before using in requests.
    3. Domain Allowlisting (Recommended): Allowlist trusted domains for URLs used in requests.
    4. Domain Denylisting (Alternative): Denylist malicious domains or internal ranges for URLs used in requests.
    5. URL Sanitization: Sanitize URLs to remove malicious characters before using in requests.
    6. Error Handling: Implement error handling for invalid URLs used in requests.
  • Threats Mitigated:
    • Server-Side Request Forgery (SSRF) (High Severity): Prevents SSRF by validating URLs used in requests.
  • Impact:
    • Server-Side Request Forgery (SSRF): Significantly reduces risk by limiting URLs requests can access.
  • Currently Implemented: Partially implemented. Basic URL scheme validation exists for some inputs used with requests.
  • Missing Implementation: Domain allowlisting/denylisting and comprehensive sanitization are missing for URLs used in requests.

Mitigation Strategy: URL Allowlisting and Denylisting for requests

  • Mitigation Strategy: URL Allowlisting and Denylisting for requests
  • Description:
    1. Define Lists: Create allowlist/denylist of domains/URL patterns for requests.
    2. Implement Check Function: Create a function to check if a URL is allowed/denied for requests.
    3. Integrate Check Before requests: Validate URLs using the check function before making requests with requests.
    4. Enforce Policy: Reject requests and log attempts if URLs are not allowed/are denied for requests.
    5. Regularly Update Lists: Regularly review and update allowlist/denylist for requests.
  • Threats Mitigated:
    • Server-Side Request Forgery (SSRF) (High Severity): Restricts SSRF attacks by controlling destinations accessible by requests.
  • Impact:
    • Server-Side Request Forgery (SSRF): Significantly reduces risk by controlling target URLs for requests.
  • Currently Implemented: No, URL allowlisting or denylisting is not implemented for requests.
  • Missing Implementation: URL allowlisting or denylisting needs to be implemented and integrated before making requests with requests.

Mitigation Strategy: Avoid Directly Using User Input in URLs for requests

  • Mitigation Strategy: Avoid Directly Using User Input in URLs for requests
  • Description:
    1. Identify User Input in URLs: Find code where user data is directly in URLs for requests.
    2. Use Parameterized Queries in requests: Use requests's params for GET requests with user input.
    3. Use Request Body in requests: Use data or json parameters for POST/PUT requests with user input in requests.
    4. Templating (Carefully): If URL templating is needed for requests, use safe libraries and encode user input.
  • Threats Mitigated:
    • Server-Side Request Forgery (SSRF) (High Severity): Reduces SSRF risk by making URL manipulation harder in requests.
    • URL Injection (Medium Severity): Prevents URL injection by avoiding direct user input in requests URLs.
  • Impact:
    • Server-Side Request Forgery (SSRF): Partially reduces risk by making URL manipulation harder for requests.
    • URL Injection: Significantly reduces risk by preventing direct URL manipulation in requests.
  • Currently Implemented: Partially implemented. Parameterized queries are used in some cases with requests.
  • Missing Implementation: Refactor code to consistently use parameterized queries and request bodies for user input in requests.

Mitigation Strategy: Set Timeouts for requests

  • Mitigation Strategy: Set Timeouts for requests
  • Description:
    1. Implement timeout Parameter: For every requests call, explicitly set the timeout parameter.
    2. Set Connect Timeout: Configure a connect timeout (e.g., 5-10 seconds) for requests.
    3. Set Read Timeout: Configure a read timeout (e.g., 10-30 seconds) for requests.
    4. Handle Timeout Exceptions: Handle requests.exceptions.Timeout exceptions gracefully.
  • Threats Mitigated:
    • Denial of Service (DoS) (Medium Severity): Prevents application hangs due to slow servers when using requests.
    • Resource Exhaustion (Medium Severity): Prevents resource exhaustion by timing out stalled requests.
  • Impact:
    • Denial of Service (DoS): Significantly reduces risk of application hangs when using requests.
    • Resource Exhaustion: Significantly reduces risk of resource exhaustion due to requests.
  • Currently Implemented: Partially implemented. Timeouts are set in some critical requests calls.
  • Missing Implementation: Ensure timeouts are consistently set for all requests calls.

Mitigation Strategy: Limit Redirects in requests

  • Mitigation Strategy: Limit Redirects in requests
  • Description:
    1. Set max_redirects Parameter: Set max_redirects parameter to a reasonable limit (e.g., 5) in requests.Session or individual requests.
    2. Use Session for Limits: Configure max_redirects in requests.Session for consistent limits.
    3. Handle Redirect Exceptions: Handle requests.exceptions.TooManyRedirects exceptions.
  • Threats Mitigated:
    • Open Redirect Attacks (Medium Severity): Reduces risk of redirects to malicious sites via requests.
    • Denial of Service (DoS) (Low Severity): Prevents DoS from redirect loops in requests.
  • Impact:
    • Open Redirect Attacks: Partially reduces risk by limiting redirects followed by requests.
    • Denial of Service (DoS): Minimally reduces risk of redirect-based DoS via requests.
  • Currently Implemented: No, max_redirects is not explicitly set in requests configuration.
  • Missing Implementation: max_redirects should be configured in requests.Session to limit redirects.

Mitigation Strategy: Validate Redirect URLs in requests

  • Mitigation Strategy: Validate Redirect URLs in requests
  • Description:
    1. Disable Automatic Redirects (Optional): Set allow_redirects=False in requests to disable automatic redirects.
    2. Manually Handle Redirects: If disabled, manually handle redirects by checking response.status_code and response.headers['Location'] from requests.
    3. Validate Redirect URL: Validate redirect URLs before following: scheme, domain allow/denylist, sanitization.
    4. Follow Valid Redirects: Only follow redirects to validated URLs using requests.
  • Threats Mitigated:
    • Open Redirect Attacks (Medium Severity): Significantly reduces open redirect risk by validating redirect destinations in requests.
    • Server-Side Request Forgery (SSRF) (Medium Severity): Prevents SSRF via redirect manipulation in requests.
  • Impact:
    • Open Redirect Attacks: Significantly reduces risk by controlling redirect destinations in requests.
    • Server-Side Request Forgery (SSRF): Partially reduces risk of SSRF via redirects in requests.
  • Currently Implemented: No, redirect URLs are not explicitly validated when using requests.
  • Missing Implementation: Redirect URL validation needs to be implemented, especially for user-controlled URLs or sensitive operations using requests redirects.