Skip to content

Latest commit

 

History

History
110 lines (75 loc) · 6.91 KB

mitigations.md

File metadata and controls

110 lines (75 loc) · 6.91 KB

Mitigation Strategies Analysis for psf/requests

Mitigation Strategy: Always Verify SSL Certificates

  • Mitigation Strategy: Always Verify SSL Certificates (using requests' verify parameter)

    • Description:

      1. Ensure the verify parameter in requests calls is either omitted (defaulting to True) or explicitly set to True: requests.get(url, verify=True).
      2. For custom Certificate Authorities (CAs), provide the CA bundle path to verify: requests.get(url, verify='/path/to/ca_bundle.pem').
      3. Never set verify=False in production. If temporarily disabling during development (strongly discouraged), use environment variables to control this, ensuring it's never off in deployment.

    • Threats Mitigated:

      • Man-in-the-Middle (MitM) Attacks: (Severity: Critical) - Attacker intercepts connection, presents fake certificate, decrypts/modifies traffic.
      • Data Breaches: (Severity: Critical) - Sensitive data transmitted can be stolen.
      • Data Tampering: (Severity: High) - Attacker can modify data.

    • Impact:

      • MitM Attacks: Risk reduced from Critical to Negligible (with proper CA management).
      • Data Breaches: Risk reduced from Critical to Negligible (if MitM prevented).
      • Data Tampering: Risk reduced from High to Negligible (if MitM prevented).

    • Currently Implemented: Yes, in api_client.py (default verify=True). data_fetcher.py uses a custom CA bundle.

    • Missing Implementation: Missing in test_utils.py (some tests disable verification). Refactor to use a mock CA or alternative testing approach.

Mitigation Strategy: Use Timeouts

  • Mitigation Strategy: Use Timeouts (using requests' timeout parameter)

    • Description:

      1. Always set the timeout parameter in requests calls: requests.get(url, timeout=5).
      2. Use a tuple for finer control: requests.get(url, timeout=(connect_timeout, read_timeout)).
      3. Handle requests.exceptions.Timeout exceptions gracefully. Implement retry logic (with limits) if appropriate.

    • Threats Mitigated:

      • Denial of Service (DoS): (Severity: Medium) - Slow servers can cause hangs.
      • Resource Exhaustion: (Severity: Medium) - Hanging requests consume resources.

    • Impact:

      • DoS: Risk reduced from Medium to Low (with appropriate timeouts/handling).
      • Resource Exhaustion: Risk reduced from Medium to Low.

    • Currently Implemented: api_client.py (10-second timeout). data_fetcher.py (separate connect/read timeouts).

    • Missing Implementation: Missing in report_generator.py. Add timeouts to external service calls.

Mitigation Strategy: Control Redirects

  • Mitigation Strategy: Control Redirects (using requests' allow_redirects and max_redirects parameters)

    • Description:

      1. If redirects are not expected, set allow_redirects=False: requests.get(url, allow_redirects=False).
      2. If redirects are expected, limit them with max_redirects: requests.get(url, max_redirects=5).
      3. Inspect response.history (list of redirect Response objects) and validate the final URL (response.url).

    • Threats Mitigated:

      • Open Redirects: (Severity: Medium) - Malicious redirects to phishing/attack sites.
      • SSRF (via redirects): (Severity: High) - Redirects bypass URL validation, access internal resources.

    • Impact:

      • Open Redirects: Risk reduced from Medium to Low (with limits and final URL validation).
      • SSRF (via redirects): Risk reduced from High to Low (combined with URL validation).

    • Currently Implemented: Partially. max_redirects set in api_client.py.

    • Missing Implementation: Missing final URL validation after redirects. Update data_fetcher.py and report_generator.py to inspect response.history and validate.

Mitigation Strategy: Manage HTTP Headers

  • Mitigation Strategy: Manage HTTP Headers (using requests' headers parameter)

    • Description:

      1. Review all uses of the headers parameter: requests.get(url, headers=headers).
      2. Explicitly set User-Agent to a custom value (avoid revealing requests version).
      3. Avoid unnecessary headers (e.g., Referer), unless required.
      4. Remove sensitive headers (e.g., Authorization) before logging request details.

    • Threats Mitigated:

      • Information Disclosure: (Severity: Low) - Default headers reveal application/library details.
      • Data Leakage (through logs): (Severity: Medium) - Sensitive headers logged without redaction.

    • Impact:

      • Information Disclosure: Risk reduced from Low to Negligible.
      • Data Leakage (through logs): Risk reduced from Medium to Negligible (with redaction).

    • Currently Implemented: Partially. User-Agent set in api_client.py. Sensitive headers removed before logging in error_handler.py.

    • Missing Implementation: Inconsistent approach. Review and update data_fetcher.py and report_generator.py.

Mitigation Strategy: Use Streaming for Large Responses

  • Mitigation Strategy: Use Streaming for Large Responses (using requests' stream parameter)

    • Description:

      1. When expecting large responses, use the stream=True parameter in your requests call: response = requests.get(url, stream=True).
      2. Iterate over the response content using response.iter_content(chunk_size=...) or response.iter_lines().
      3. Process the data in chunks, avoiding loading the entire response into memory at once.
      4. Ensure that you properly close the connection after processing the streamed response, either by exiting a with statement or by explicitly calling response.close().

    • Threats Mitigated:

      • Denial of Service (DoS): (Severity: Medium) - Large responses can consume excessive memory, leading to application crashes or slowdowns.
      • Resource Exhaustion: (Severity: Medium) - Similar to DoS, but specifically focuses on memory exhaustion.

    • Impact:

      • DoS: Risk reduced from Medium to Low (by preventing memory overload).
      • Resource Exhaustion: Risk reduced from Medium to Low.

    • Currently Implemented: Implemented in download_large_file function in utils.py.

    • Missing Implementation: Not implemented in process_data function in data_fetcher.py, which potentially receives large JSON responses. This should be updated to use streaming.