Expand description
Error types for AntiSSRF operations.
Every fallible operation in this crate returns AntiSSRFError, a single
enum that covers validation failures, configuration mistakes, and runtime
policy violations. The error type implements std::error::Error via
thiserror, and is Clone + PartialEq so it can be cheaply passed
around and compared in tests.
§Error categories
| Variant | Triggered by | Typical cause |
|---|---|---|
IPDisallowed | AntiSSRFPolicy::validate_request, DNS resolution, redirects | Target IP is in a denylist or not in the allowlist |
SchemeDisallowed | AntiSSRFPolicy::validate_request | http:// used when set_allow_plaintext_http is false |
HeaderDenied | AntiSSRFPolicy::validate_request | Request contains a header in the denylist |
HeaderRequired | AntiSSRFPolicy::validate_request | Request is missing a header in the required list |
InvalidHeader | AntiSSRFPolicy configuration methods | Empty or malformed header name supplied at build time |
PolicyLocked | Mutating a locked AntiSSRFPolicy | Attempting to modify a policy after it has been used |
ConflictingConfiguration | AntiSSRFPolicy configuration methods | Logically incompatible options (e.g. denylist + deny_all_unspecified_ips) |
InvalidCIDR | CIDRBlock::parse | Malformed CIDR string such as 10.0.0.0/33 |
InvalidIP | IP parsing helpers | String that does not represent a valid IPv4 or IPv6 address |
InvalidURL | URL parsing helpers | String that is not a valid URL |
RedirectValidationFailed | network middleware | A redirect Location failed re-validation against the active policy |
§Example
use antissrf::{AntiSSRFPolicy, PolicyConfigOptions, AntiSSRFError};
let mut policy = AntiSSRFPolicy::new(PolicyConfigOptions::ExternalOnlyLatest);
policy.set_allow_plaintext_http(false)?;
let mut headers = vec![];
match policy.validate_request("http:", &mut headers) {
Err(AntiSSRFError::SchemeDisallowed) => {
// plaintext HTTP rejected
}
Err(AntiSSRFError::IPDisallowed) => {
// IMDS address blocked
}
Ok(_) => {}
Err(e) => panic!("unexpected error: {}", e),
}Enums§
- AntiSSRF
Error - Error types for AntiSSRF operations.