Fix SSRF (Server Side Request Forgery) in Revel
SSRF in the Revel framework typically occurs when a controller action accepts a URL from a user and fetches it using the default `http.Get` without validation. This allows attackers to scan internal networks, hit loopback services, or exfiltrate cloud metadata (IMDS). In Go, the standard library is powerful but dangerous if you don't restrict the transport layer.
The Vulnerable Pattern
```go
package controllers

import (
	"io"
	"net/http"

	"github.com/revel/revel"
)

type App struct{ *revel.Controller }

func (c App) FetchContent(url string) revel.Result {
	// DANGER: Directly fetching user-supplied URL
	resp, err := http.Get(url)
	if err != nil {
		return c.RenderError(err)
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	return c.RenderText(string(body))
}
```
The Secure Implementation
To kill SSRF, you must implement a multi-layered defense. First, parse the input using `url.Parse` and enforce a strict `https` scheme. Second, use an allowlist for hosts; never use a denylist, as it is easily bypassed with DNS tricks or decimal IP encoding. Third, configure a custom `http.Client` that disables redirects (`CheckRedirect`) to prevent attackers from bypassing host checks via 302 jumps. Finally, use `io.LimitReader` to prevent resource exhaustion (DoS) from oversized backend responses.
```go
package controllers

import (
	"io"
	"net/http"
	"net/url"
	"time"

	"github.com/revel/revel"
)

func (c App) FetchContent(target string) revel.Result {
	allowedHosts := map[string]bool{"api.trusted.com": true, "images.trusted.com": true}
	u, err := url.Parse(target)
	if err != nil || u.Scheme != "https" {
		return c.Forbidden("Invalid protocol")
	}
	if !allowedHosts[u.Host] {
		return c.Forbidden("Unauthorized host")
	}
	// Use a hardened client with short timeouts and no redirect following
	client := &http.Client{
		Timeout: 5 * time.Second,
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			return http.ErrUseLastResponse // Block redirect-based SSRF
		},
	}
	resp, err := client.Get(u.String())
	if err != nil {
		return c.RenderError(err)
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(io.LimitReader(resp.Body, 1024*1024)) // Limit response size
	return c.RenderText(string(body))
}
```
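As an added example (not part of the original post and not Revel project code), here are the pre-request checks from the secure implementation factored into a plain Go function that can be unit-tested without Revel, next to the hardened client. It goes slightly beyond the article's version: the host comparison is case-folded and uses `Hostname()` so a port cannot slip past the allowlist, nonstandard ports are rejected, and URLs carrying userinfo are rejected. The allowlisted hosts and the sample inputs are constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
	"time"
)

// Constructed allowlist for this example; the hosts are hypothetical.
var allowedHosts = map[string]bool{"api.trusted.com": true, "images.trusted.com": true}
// ValidateTarget runs the pre-request checks: https only, no userinfo,
// allowlisted hostname (case-folded, port stripped), standard port only.
func ValidateTarget(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("parse: %w", err)
	}
	if u.Scheme != "https" {
		return nil, fmt.Errorf("invalid protocol %q", u.Scheme)
	}
	if u.User != nil { // "https://a@b/" parses with Host=b; reject userinfo outright
		return nil, fmt.Errorf("userinfo not allowed")
	}
	if !allowedHosts[strings.ToLower(u.Hostname())] {
		return nil, fmt.Errorf("unauthorized host %q", u.Hostname())
	}
	if p := u.Port(); p != "" && p != "443" {
		return nil, fmt.Errorf("unauthorized port %q", p)
	}
	return u, nil
}

// NewHardenedClient: short timeout and no redirect following, as in the article.
func NewHardenedClient() *http.Client {
	return &http.Client{
		Timeout: 5 * time.Second,
		CheckRedirect: func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse
		},
	}
}

func main() {
	for _, raw := range []string{"https://api.trusted.com/v1", "http://api.trusted.com/v1", "https://localhost/"} {
		_, err := ValidateTarget(raw)
		fmt.Printf("%-28s -> %v\n", raw, err)
	}
}
```

Only a URL that passes `ValidateTarget` should ever reach `NewHardenedClient().Get(u.String())` in the controller.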
Verified by Ghost Labs Security Team