Update: Uncomment check format

oh_security
TAMDeveloper13 1 month ago
parent 130f8acf8f
commit d2ecf0849e

@ -157,7 +157,7 @@ def security_headers_middleware(app: FastAPI):
security_headers_middleware(app)
# app.add_middleware(RequestValidationMiddleware)
app.add_middleware(RequestValidationMiddleware)
# app.add_middleware(
# CSRFProtectMiddleware,
# excluded_paths=["/healthcheck"]

@ -266,37 +266,37 @@ class RequestValidationMiddleware(BaseHTTPMiddleware):
return await handle_exception(request, exc)
async def _validate_and_forward(self, request: Request, call_next):
# -------------------------
# 0. Header validation
# -------------------------
header_keys = [key.lower() for key, _ in request.headers.items()]
# # -------------------------
# # 0. Header validation
# # -------------------------
# header_keys = [key.lower() for key, _ in request.headers.items()]
# Check for duplicate headers
header_counter = Counter(header_keys)
duplicate_headers = [key for key, count in header_counter.items() if count > 1]
# # Check for duplicate headers
# header_counter = Counter(header_keys)
# duplicate_headers = [key for key, count in header_counter.items() if count > 1]
ALLOW_DUPLICATE_HEADERS = {'accept', 'accept-encoding', 'accept-language', 'accept-charset', 'cookie'}
real_duplicates = [h for h in duplicate_headers if h not in ALLOW_DUPLICATE_HEADERS]
if real_duplicates:
raise HTTPException(
status_code=422,
detail=f"Duplicate headers detected: {real_duplicates}",
)
# Whitelist headers
unknown_headers = [key for key in header_keys if key not in ALLOWED_HEADERS]
if unknown_headers:
filtered_unknown = [h for h in unknown_headers if not h.startswith('sec-')]
if filtered_unknown:
raise HTTPException(
status_code=422,
detail=f"Unknown headers detected: {filtered_unknown}",
)
# ALLOW_DUPLICATE_HEADERS = {'accept', 'accept-encoding', 'accept-language', 'accept-charset', 'cookie'}
# real_duplicates = [h for h in duplicate_headers if h not in ALLOW_DUPLICATE_HEADERS]
# if real_duplicates:
# raise HTTPException(
# status_code=422,
# detail=f"Duplicate headers detected: {real_duplicates}",
# )
# # Whitelist headers
# unknown_headers = [key for key in header_keys if key not in ALLOWED_HEADERS]
# if unknown_headers:
# filtered_unknown = [h for h in unknown_headers if not h.startswith('sec-')]
# if filtered_unknown:
# raise HTTPException(
# status_code=422,
# detail=f"Unknown headers detected: {filtered_unknown}",
# )
# Inspect header values
for key, value in request.headers.items():
if value:
inspect_value(value, f"header '{key}'")
# # Inspect header values
# for key, value in request.headers.items():
# if value:
# inspect_value(value, f"header '{key}'")
# -------------------------
# 1. Query string limits

Loading…
Cancel
Save