Zamil Majdy 66ebe4376e fix(backend): Increase block request security; Prevent DNS rebinding & open redirect attack (#9688) ...

The current block web requests utility has a logic to avoid the system
firing into blocklisted IPs.
However, the current logic is still prone to a few security issues:

* DNS rebinding attack: due to the lack of guarantee on the used IP not
being changed during the IP checking and firing step.
* Open redirect: due to the request sensitive request headers are still
being propagated throughout the web redirect.

### Changes 🏗️

* Uses IP pinning to request the web.
* Strip `Authorization`, `Proxy-Authorization`, `Cookie` upon web
redirects.

### Checklist 📋

#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Test the web request block, add more tests with different
validation scenarios.

(cherry picked from commit f0df4c9174)

2025-03-25 13:51:20 +07:00

..

test_decorator.py

fix(backend): Fix conn_retry decorator possible incorrect behaviour on failed async function (#8836)

2024-11-29 09:30:36 +00:00

test_request.py

fix(backend): Increase block request security; Prevent DNS rebinding & open redirect attack (#9688)

2025-03-25 13:51:20 +07:00

test_retry.py

fix(backend): Fix conn_retry decorator possible incorrect behaviour on failed async function (#8836)

2024-11-29 09:30:36 +00:00

test_service.py

fix(backend): Fix DatabaseManager usage by calling it on-demand (#8404)

2024-10-23 10:09:23 +07:00

test_type.py

feat(platform): Add implicit typing conversion of nested data-structure (#8231)

2024-10-02 20:57:13 +00:00