security: SSRF protection + ruff format CI fix

rayketcham · claude · rayketcham · commit c0a3c8f7d2b2 · 2026-04-01T21:10:21.000Z
- Block private/loopback/link-local IPs in URL ingestion (SSRF fix)
- validate_url() now resolves hostnames and rejects private ranges
- fetch_url_content() calls validate_url() before any HTTP request
- Disabled follow_redirects to prevent redirect-chain SSRF bypass
- Applied ruff format to all files (CI formatting check was failing)

Tests: 356 → 362 (+6 SSRF protection tests)

Co-Authored-By: Claude &lt;noreply@anthropic.com&gt;
diff --git a/src/project_forge/cron/horizontal.py b/src/project_forge/cron/horizontal.py
@@ -132,9 +132,7 @@ async def run_horizontal_cycle(db: Database) -> list[Idea]:
 
     if len(ideas) < 2:
         # Fallback: generate a second cross-category idea with a different pair
-        cat_c, cat_d = await pick_cross_category_pair(
-            db, exclude=[(cat_a, cat_b)]
-        )
+        cat_c, cat_d = await pick_cross_category_pair(db, exclude=[(cat_a, cat_b)])
         idea2 = await generate_cross_idea(db, cat_c, cat_d)
         await db.save_idea(idea2)
         await db.record_category_pair(cat_c.value, cat_d.value, idea2.id)
diff --git a/src/project_forge/engine/introspect.py b/src/project_forge/engine/introspect.py
@@ -51,11 +51,17 @@ def gather_self_context() -> dict:
     # --- Open GitHub issues ---
     open_issues: list[dict] = []
     try:
-        result = _run([
-            "gh", "issue", "list",
-            "--state", "open",
-            "--json", "title,number,labels,url",
-        ])
+        result = _run(
+            [
+                "gh",
+                "issue",
+                "list",
+                "--state",
+                "open",
+                "--json",
+                "title,number,labels,url",
+            ]
+        )
         if result.returncode == 0 and result.stdout.strip():
             open_issues = json.loads(result.stdout)
     except (FileNotFoundError, subprocess.TimeoutExpired, json.JSONDecodeError) as exc:
@@ -164,8 +170,7 @@ def build_introspection_prompt(context: dict, recent_improvements: list[str]) ->
     issues = context.get("open_issues", [])
     if issues:
         issues_lines = "\n".join(
-            f"- #{i.get('number', '?')}: {i.get('title', '(no title)')} — {i.get('url', '')}"
-            for i in issues
+            f"- #{i.get('number', '?')}: {i.get('title', '(no title)')} — {i.get('url', '')}" for i in issues
         )
     else:
         issues_lines = "(no open issues)"
diff --git a/src/project_forge/engine/url_ingest.py b/src/project_forge/engine/url_ingest.py
@@ -1,6 +1,8 @@
 """URL ingestion engine — fetch URLs, extract content, generate ideas."""
 
+import ipaddress
 import re
+import socket
 from dataclasses import dataclass
 from urllib.parse import parse_qs, urlencode, urlparse
 
@@ -31,16 +33,70 @@ class UrlContent:
     text: str
 
 
+def _check_ssrf(hostname: str) -> None:
+    """Resolve hostname and raise ValueError if it resolves to a private/reserved address.
+
+    Protects against Server-Side Request Forgery (SSRF) by blocking requests
+    to loopback, private, link-local, and other reserved IP ranges.
+
+    Raises:
+        ValueError: If the hostname resolves to a non-public IP address.
+        socket.gaierror: If the hostname cannot be resolved (propagated to caller).
+    """
+    try:
+        addrinfos = socket.getaddrinfo(hostname, None)
+    except socket.gaierror:
+        # DNS resolution failure — not a private IP issue; let caller handle
+        raise
+
+    for addrinfo in addrinfos:
+        raw_ip = addrinfo[4][0]
+        try:
+            addr = ipaddress.ip_address(raw_ip)
+        except ValueError:
+            continue
+        if addr.is_loopback or addr.is_private or addr.is_link_local or addr.is_reserved:
+            raise ValueError(f"Requests to private/reserved addresses are not allowed: {raw_ip}")
+
+
 def validate_url(url: str) -> bool:
-    """Check if URL is valid http(s)."""
+    """Check if URL is valid http(s) and does not point to a private/reserved address.
+
+    Returns:
+        True if the URL is structurally valid and resolves to a public address.
+
+    Raises:
+        ValueError: If the URL resolves to a private, loopback, or link-local IP (SSRF guard).
+    """
     if not url:
         return False
     try:
         parsed = urlparse(url)
-        return parsed.scheme in ("http", "https") and bool(parsed.netloc)
+        if not (parsed.scheme in ("http", "https") and bool(parsed.netloc)):
+            return False
     except Exception:
         return False
 
+    # Strip port from netloc to get bare hostname for DNS resolution
+    hostname = parsed.hostname
+    if not hostname:
+        return False
+
+    # For bare IP addresses, validate directly without a DNS lookup
+    try:
+        addr = ipaddress.ip_address(hostname)
+        if addr.is_loopback or addr.is_private or addr.is_link_local or addr.is_reserved:
+            raise ValueError(f"Requests to private/reserved addresses are not allowed: {hostname}")
+        return True
+    except ValueError as exc:
+        # Re-raise only the SSRF guard errors; ignore the "not a valid IP" parse error
+        if "not allowed" in str(exc):
+            raise
+
+    # Hostname is not a bare IP — resolve via DNS
+    _check_ssrf(hostname)
+    return True
+
 
 def extract_domain(url: str) -> str:
     """Extract clean domain from URL (strip www.)."""
@@ -63,8 +119,19 @@ def clean_url(url: str) -> str:
 
 
 async def fetch_url_content(url: str) -> UrlContent:
-    """Fetch URL and extract content."""
-    async with httpx.AsyncClient(follow_redirects=True, timeout=30.0) as client:
+    """Fetch URL and extract content.
+
+    Validates the URL for SSRF safety before making any network request.
+    Redirects are disabled to prevent redirect-based SSRF bypasses.
+
+    Raises:
+        ValueError: If the URL resolves to a private/reserved address.
+        UrlFetchError: If the HTTP response indicates an error (status >= 400).
+    """
+    # SSRF guard — must run before any network I/O
+    validate_url(url)
+
+    async with httpx.AsyncClient(follow_redirects=False, timeout=30.0) as client:
         response = await client.get(url)
 
     if response.status_code >= 400:
diff --git a/tests/test_compare.py b/tests/test_compare.py
@@ -277,9 +277,7 @@ async def test_compare_with_repo_from_list(self, client_with_idea):
         ):
             # Simulate list_org_repos returning realistic gh output
             mock_run.return_value.returncode = 0
-            mock_run.return_value.stdout = (
-                "rayketcham-lab/pki-ca-engine\tPKI CA\tpublic\n"
-            )
+            mock_run.return_value.stdout = "rayketcham-lab/pki-ca-engine\tPKI CA\tpublic\n"
             mock_run.return_value.stderr = ""
 
             resp = await client.get("/api/repos")
diff --git a/tests/test_csp_security.py b/tests/test_csp_security.py
@@ -31,15 +31,9 @@ async def test_csp_no_unsafe_inline_scripts(client):
     assert csp, "CSP header is missing entirely"
 
     # Extract only the script-src directive value
-    directives = {
-        part.strip().split()[0]: part.strip()
-        for part in csp.split(";")
-        if part.strip()
-    }
+    directives = {part.strip().split()[0]: part.strip() for part in csp.split(";") if part.strip()}
     script_src = directives.get("script-src", "")
-    assert "'unsafe-inline'" not in script_src, (
-        f"'unsafe-inline' must not appear in script-src. Got: {script_src!r}"
-    )
+    assert "'unsafe-inline'" not in script_src, f"'unsafe-inline' must not appear in script-src. Got: {script_src!r}"
 
 
 def test_no_inline_script_blocks_in_templates():
@@ -57,10 +51,7 @@ def test_no_inline_script_blocks_in_templates():
             if stripped.startswith("<script") and "src=" not in stripped:
                 violations.append(f"{path.name}:{lineno}: {line.strip()}")
 
-    assert not violations, (
-        "Inline <script> blocks found in templates — move to app.js:\n"
-        + "\n".join(violations)
-    )
+    assert not violations, "Inline <script> blocks found in templates — move to app.js:\n" + "\n".join(violations)
 
 
 def test_no_onclick_handlers_in_templates():
@@ -76,9 +67,8 @@ def test_no_onclick_handlers_in_templates():
             if "onclick=" in line:
                 violations.append(f"{path.name}:{lineno}: {line.strip()}")
 
-    assert not violations, (
-        "onclick= attributes found in templates — move to addEventListener in app.js:\n"
-        + "\n".join(violations)
+    assert not violations, "onclick= attributes found in templates — move to addEventListener in app.js:\n" + "\n".join(
+        violations
     )
 
 
@@ -95,14 +85,10 @@ def test_app_js_has_promote_function():
 def test_app_js_has_reject_function():
     """app.js must define the rejectProposal function."""
     content = APP_JS.read_text()
-    assert "rejectProposal" in content, (
-        "rejectProposal function not found in app.js"
-    )
+    assert "rejectProposal" in content, "rejectProposal function not found in app.js"
 
 
 def test_app_js_has_switch_tab():
     """app.js must define the switchTab function (already present, must not be removed)."""
     content = APP_JS.read_text()
-    assert "function switchTab" in content, (
-        "switchTab function not found in app.js — must not be removed"
-    )
+    assert "function switchTab" in content, "switchTab function not found in app.js — must not be removed"
diff --git a/tests/test_dashboard_rendering.py b/tests/test_dashboard_rendering.py
@@ -91,6 +91,7 @@ async def test_super_ideas_stat_shows_count_not_score(self, client):
         number_line = [line for line in lines if "stat-number" in line][-1]
         # Extract the number
         import re
+
         match = re.search(r">(\d+)<", number_line)
         assert match, f"Super Ideas stat should be an integer, got: {number_line}"
         count = int(match.group(1))
diff --git a/tests/test_governance_banner.py b/tests/test_governance_banner.py
@@ -1,6 +1,5 @@
 """Tests for governance banner — autonomous project under human authority."""
 
-
 import pytest
 import pytest_asyncio
 from httpx import ASGITransport, AsyncClient
diff --git a/tests/test_horizontal.py b/tests/test_horizontal.py
@@ -106,19 +106,15 @@ async def test_exclude_parameter(self, db):
 class TestGenerateCrossIdea:
     @pytest.mark.asyncio
     async def test_generates_valid_idea(self, db):
-        idea = await generate_cross_idea(
-            db, IdeaCategory.PQC_CRYPTOGRAPHY, IdeaCategory.COMPLIANCE
-        )
+        idea = await generate_cross_idea(db, IdeaCategory.PQC_CRYPTOGRAPHY, IdeaCategory.COMPLIANCE)
         assert isinstance(idea, Idea)
         assert idea.name
         assert idea.description
         assert idea.feasibility_score > 0
 
     @pytest.mark.asyncio
     async def test_cross_idea_has_crossover_content(self, db):
-        idea = await generate_cross_idea(
-            db, IdeaCategory.SECURITY_TOOL, IdeaCategory.PRIVACY
-        )
+        idea = await generate_cross_idea(db, IdeaCategory.SECURITY_TOOL, IdeaCategory.PRIVACY)
         # The description should reference cross-domain concepts
         assert "cross" in idea.description.lower() or "meets" in idea.description.lower()
 
diff --git a/tests/test_introspect.py b/tests/test_introspect.py
@@ -95,8 +95,18 @@ class TestBuildIntrospectionPrompt:
     def _make_context(self) -> dict:
         return {
             "open_issues": [
-                {"number": 42, "title": "Add rate limiting to API", "labels": [], "url": "https://github.com/x/y/issues/42"},
-                {"number": 7, "title": "Tests missing for scorer module", "labels": [], "url": "https://github.com/x/y/issues/7"},
+                {
+                    "number": 42,
+                    "title": "Add rate limiting to API",
+                    "labels": [],
+                    "url": "https://github.com/x/y/issues/42",
+                },
+                {
+                    "number": 7,
+                    "title": "Tests missing for scorer module",
+                    "labels": [],
+                    "url": "https://github.com/x/y/issues/7",
+                },
             ],
             "recent_commits": [
                 "abc1234 feat: add dashboard tabs",
diff --git a/tests/test_introspect_runner.py b/tests/test_introspect_runner.py
@@ -49,10 +49,16 @@ async def test_run_introspect_cycle_generates_idea(self):
         )
         mock_generator.generate = AsyncMock(return_value=fake_idea)
 
-        with patch("project_forge.cron.introspect_runner.gather_self_context", return_value={
-            "open_issues": [], "recent_commits": [], "test_count": 10,
-            "lint_status": "clean", "code_stats": {"src": 1000, "tests": 500},
-        }):
+        with patch(
+            "project_forge.cron.introspect_runner.gather_self_context",
+            return_value={
+                "open_issues": [],
+                "recent_commits": [],
+                "test_count": 10,
+                "lint_status": "clean",
+                "code_stats": {"src": 1000, "tests": 500},
+            },
+        ):
             idea = await run_introspect_cycle(mock_db, mock_generator)
 
         assert idea is not None
@@ -92,10 +98,19 @@ async def test_run_introspect_cycle_avoids_recent_names(self):
         )
         mock_generator.generate = AsyncMock(return_value=fake_idea)
 
-        with patch("project_forge.cron.introspect_runner.gather_self_context", return_value={
-            "open_issues": [], "recent_commits": [], "test_count": 10,
-            "lint_status": "clean", "code_stats": {},
-        }), patch("project_forge.cron.introspect_runner.build_introspection_prompt") as mock_prompt:
+        with (
+            patch(
+                "project_forge.cron.introspect_runner.gather_self_context",
+                return_value={
+                    "open_issues": [],
+                    "recent_commits": [],
+                    "test_count": 10,
+                    "lint_status": "clean",
+                    "code_stats": {},
+                },
+            ),
+            patch("project_forge.cron.introspect_runner.build_introspection_prompt") as mock_prompt,
+        ):
             mock_prompt.return_value = "fake prompt"
             await run_introspect_cycle(mock_db, mock_generator)
 
diff --git a/tests/test_scaffold_builder.py b/tests/test_scaffold_builder.py
@@ -35,7 +35,6 @@ def test_truncate_long_name(self):
         result = sanitize_repo_name("x" * 200)
         assert len(result) <= 100
 
-
     def test_sanitize_repo_name_all_special_chars(self):
         result = sanitize_repo_name("!@#$%^&*()")
         assert result != "", "All-special-char input must not produce an empty repo name"
diff --git a/tests/test_scaffold_github.py b/tests/test_scaffold_github.py
@@ -208,12 +208,8 @@ def test_push_initial_commit_token_cleaned_on_push_failure(self, mock_run):
 
         # Regardless of push failure, cleanup set-url must have been called
         # with the clean (token-free) URL as the final set-url invocation.
-        set_url_calls = [
-            c for c in mock_run.call_args_list if c[0][0][0:3] == ["git", "remote", "set-url"]
-        ]
-        assert len(set_url_calls) == 2, (
-            "Expected two git remote set-url calls: one to embed token, one to clean it up"
-        )
+        set_url_calls = [c for c in mock_run.call_args_list if c[0][0][0:3] == ["git", "remote", "set-url"]]
+        assert len(set_url_calls) == 2, "Expected two git remote set-url calls: one to embed token, one to clean it up"
         cleanup_call_url = set_url_calls[-1][0][0][-1]
         assert token not in cleanup_call_url, (
             f"Token was NOT cleaned from remote URL after push failure — leaked: {cleanup_call_url}"
diff --git a/tests/test_stat_cards.py b/tests/test_stat_cards.py
@@ -62,7 +62,7 @@ async def test_scaffolded_links_to_projects(self, client):
         # Find scaffolded stat card that links to projects
         scaffolded_idx = text.find("Scaffolded")
         # There should be a link to /projects near the "Scaffolded" label
-        nearby = text[max(0, scaffolded_idx - 300):scaffolded_idx + 50]
+        nearby = text[max(0, scaffolded_idx - 300) : scaffolded_idx + 50]
         assert "/projects" in nearby
 
     @pytest.mark.asyncio
@@ -73,7 +73,7 @@ async def test_super_ideas_links_to_super_tab(self, client):
         super_idx = text.find("Super Ideas")
         assert super_idx > 0
         # The super ideas stat card should have a clickable link
-        nearby = text[max(0, super_idx - 300):super_idx + 50]
+        nearby = text[max(0, super_idx - 300) : super_idx + 50]
         assert "href=" in nearby
 
 
diff --git a/tests/test_storage.py b/tests/test_storage.py
@@ -225,9 +225,7 @@ async def test_list_super_ideas_deduplicates_by_name(db):
         await db.save_idea(idea)
 
     results = await db.list_super_ideas(limit=10)
-    assert len(results) == 1, (
-        f"Expected exactly 1 deduplicated super idea, got {len(results)}"
-    )
+    assert len(results) == 1, f"Expected exactly 1 deduplicated super idea, got {len(results)}"
     assert results[0].feasibility_score == 0.9, (
         f"Expected highest-scoring row (0.9), got {results[0].feasibility_score}"
     )
diff --git a/tests/test_super_ideas.py b/tests/test_super_ideas.py
@@ -165,6 +165,4 @@ async def test_generate_returns_empty_when_too_few_ideas(self, sparse_db):
         """generate() must return [] when there are fewer than 10 ideas."""
         gen = SuperIdeaGenerator(sparse_db)
         result = await gen.generate(count=5)
-        assert result == [], (
-            f"Expected empty list with only 5 ideas in pool, got {result}"
-        )
+        assert result == [], f"Expected empty list with only 5 ideas in pool, got {result}"
diff --git a/tests/test_super_ideas_dashboard_bug.py b/tests/test_super_ideas_dashboard_bug.py
diff --git a/tests/test_url_ingest.py b/tests/test_url_ingest.py
diff --git a/tests/test_web_routes.py b/tests/test_web_routes.py
diff --git a/tests/test_xss_prevention.py b/tests/test_xss_prevention.py
