fix: address security review feedback

Tomo1912 · Tomo1912 · commit 4475d773b186 · 2026-01-08T17:52:39.000+01:00
- Disable follow_redirects to prevent SSRF bypass via open redirects
- Add explicit IP obfuscation detection (decimal/octal/hex formats)
- Fix SSL parsing to be fail-secure (only 'false' disables verification)
- Clean up test headers (remove enterprise roleplay language)
- Add comprehensive tests for IP obfuscation parsing
diff --git a/src/fetch/src/mcp_server_fetch/server.py b/src/fetch/src/mcp_server_fetch/server.py
@@ -30,7 +30,8 @@
 
 # SSL Certificate Verification Configuration
 # Set MCP_FETCH_SSL_VERIFY=false to disable SSL verification for internal/self-signed certificates
-SSL_VERIFY = os.getenv("MCP_FETCH_SSL_VERIFY", "true").lower() == "true"
+# NOTE: Only explicit "false" disables verification; any other value (including typos) keeps it enabled.
+SSL_VERIFY = os.getenv("MCP_FETCH_SSL_VERIFY", "true").lower() != "false"
 
 # SSRF Protection Configuration
 # Set MCP_FETCH_ALLOW_PRIVATE_IPS=true to allow fetching from private/internal networks
@@ -72,6 +73,68 @@
 ])
 
 
+def _parse_obfuscated_ip(hostname: str) -> str | None:
+    """
+    Detect and decode obfuscated IP address formats.
+
+    Attackers may use alternative IP representations to bypass SSRF filters:
+    - Decimal: 2130706433 (= 127.0.0.1)
+    - Octal: 0177.0.0.1 (= 127.0.0.1)
+    - Hex: 0x7f000001 (= 127.0.0.1)
+    - Mixed: 0x7f.0.0.1 (= 127.0.0.1)
+
+    Returns the normalized IP string if detected, None otherwise.
+    """
+    hostname = hostname.strip()
+
+    # Try decimal integer format (e.g., 2130706433 = 127.0.0.1)
+    try:
+        if hostname.isdigit():
+            ip_int = int(hostname)
+            if 0 <= ip_int <= 0xFFFFFFFF:  # Valid 32-bit range
+                # Convert to dotted decimal
+                return str(ipaddress.IPv4Address(ip_int))
+    except (ValueError, ipaddress.AddressValueError):
+        pass
+
+    # Try hex format (e.g., 0x7f000001 = 127.0.0.1)
+    try:
+        if hostname.lower().startswith("0x") and "." not in hostname:
+            ip_int = int(hostname, 16)
+            if 0 <= ip_int <= 0xFFFFFFFF:
+                return str(ipaddress.IPv4Address(ip_int))
+    except (ValueError, ipaddress.AddressValueError):
+        pass
+
+    # Try octal/hex dotted format (e.g., 0177.0.0.1 or 0x7f.0.0.1)
+    # Only return if there's actual obfuscation (hex prefix or leading zeros)
+    if "." in hostname:
+        parts = hostname.split(".")
+        if len(parts) == 4:
+            try:
+                octets = []
+                has_obfuscation = False
+                for part in parts:
+                    part = part.strip()
+                    if part.lower().startswith("0x"):
+                        octets.append(int(part, 16))
+                        has_obfuscation = True
+                    elif part.startswith("0") and len(part) > 1 and part.isdigit():
+                        # Octal format (leading zero with more digits)
+                        octets.append(int(part, 8))
+                        has_obfuscation = True
+                    else:
+                        octets.append(int(part))
+
+                # Only return if we detected obfuscation AND result is valid
+                if has_obfuscation and all(0 <= o <= 255 for o in octets):
+                    return f"{octets[0]}.{octets[1]}.{octets[2]}.{octets[3]}"
+            except ValueError:
+                pass
+
+    return None
+
+
 def _is_ip_private_or_reserved(ip_str: str) -> bool:
     """
     Check if an IP address is private, reserved, loopback, or link-local.
@@ -202,9 +265,22 @@ def validate_url_for_ssrf(url: str) -> None:
             f"This hostname is associated with internal services.",
         ))
 
-    # Try to parse hostname as IP address directly (handles obfuscation)
+    # Check for obfuscated IP addresses (decimal, octal, hex encoding)
+    # Python's ipaddress module does NOT parse these from strings, so we handle them explicitly
+    obfuscated_ip = _parse_obfuscated_ip(hostname)
+    if obfuscated_ip:
+        if _is_ip_private_or_reserved(obfuscated_ip):
+            if not ALLOW_PRIVATE_IPS:
+                raise McpError(ErrorData(
+                    code=INVALID_PARAMS,
+                    message=f"Access to obfuscated private IP address '{hostname}' "
+                    f"(decoded: {obfuscated_ip}) is blocked. "
+                    f"Set MCP_FETCH_ALLOW_PRIVATE_IPS=true to allow internal network access.",
+                ))
+        return
+
+    # Try to parse hostname as standard IP address
     try:
-        # This handles decimal (2130706433), octal (0177.0.0.1), hex (0x7f.0.0.1)
         ip = ipaddress.ip_address(hostname)
         if _is_ip_private_or_reserved(str(ip)):
             if not ALLOW_PRIVATE_IPS:
@@ -305,7 +381,7 @@ async def check_may_autonomously_fetch_url(url: str, user_agent: str, proxy_url:
         try:
             response = await client.get(
                 robot_txt_url,
-                follow_redirects=True,
+                follow_redirects=False,
                 headers={"User-Agent": user_agent},
                 timeout=30,
             )
@@ -383,7 +459,7 @@ async def fetch_url(
         try:
             response = await client.get(
                 url,
-                follow_redirects=True,
+                follow_redirects=False,
                 headers={"User-Agent": user_agent},
                 timeout=30,
             )
diff --git a/src/fetch/tests/test_security.py b/src/fetch/tests/test_security.py
@@ -1,16 +1,11 @@
 """
-Enterprise Security Test Suite for MCP Fetch Server
-====================================================
+Security regression tests for fetch server.
 
 This test suite validates the security controls implemented in server.py:
 1. SSL Certificate Verification Toggle
 2. SSRF (Server-Side Request Forgery) Protection
 3. Payload Size Limits
 4. URL Scheme Validation
-
-Author: Enterprise Security Team
-Date: 2025-12-31
-Coverage Target: 95%+
 """
 
 import os
@@ -27,6 +22,7 @@
     _is_hostname_blocked,
     _is_hostname_whitelisted,
     _normalize_hostname,
+    _parse_obfuscated_ip,
     fetch_url,
     extract_content_from_html,
     BLOCKED_HOSTNAMES,
@@ -126,8 +122,8 @@ async def test_ssl_verify_invalid_value_defaults_to_false(self, reset_env):
         import mcp_server_fetch.server as server_module
         importlib.reload(server_module)
 
-        # 'invalid'.lower() == 'true' is False
-        assert server_module.SSL_VERIFY is False
+        # Fail-secure: only explicit "false" disables SSL verification
+        assert server_module.SSL_VERIFY is True
 
     @pytest.mark.asyncio
     async def test_ssl_disabled_allows_self_signed(self, reset_env):
@@ -166,7 +162,60 @@ async def test_ssl_disabled_allows_self_signed(self, reset_env):
 
 
 # =============================================================================
-# 2. SSRF PROTECTION TESTS
+# 2. IP OBFUSCATION PARSING TESTS
+# =============================================================================
+
+class TestIPObfuscationParsing:
+    """Test suite for IP obfuscation detection and parsing."""
+
+    @pytest.mark.parametrize("obfuscated,expected", [
+        # Decimal encoding (127.0.0.1 = 2130706433)
+        ("2130706433", "127.0.0.1"),
+        # Decimal encoding (169.254.169.254 = 2852039166)
+        ("2852039166", "169.254.169.254"),
+        # Hex encoding
+        ("0x7f000001", "127.0.0.1"),
+        ("0x7F000001", "127.0.0.1"),  # uppercase
+        # Octal dotted format
+        ("0177.0.0.1", "127.0.0.1"),
+        ("0177.0.0.01", "127.0.0.1"),
+        # Hex dotted format
+        ("0x7f.0.0.1", "127.0.0.1"),
+        ("0x7f.0x0.0x0.0x1", "127.0.0.1"),
+    ])
+    def test_parses_obfuscated_ips(self, obfuscated, expected):
+        """Obfuscated IP formats should be correctly decoded."""
+        result = _parse_obfuscated_ip(obfuscated)
+        assert result == expected, f"Failed to parse {obfuscated}"
+
+    @pytest.mark.parametrize("normal_input", [
+        "127.0.0.1",  # Normal IP - not obfuscated
+        "example.com",  # Hostname
+        "google.com",
+        "192.168.1.1",  # Normal private IP
+        "",  # Empty
+        "not-an-ip",
+    ])
+    def test_returns_none_for_normal_inputs(self, normal_input):
+        """Normal hostnames and IPs should return None (not obfuscated)."""
+        result = _parse_obfuscated_ip(normal_input)
+        assert result is None, f"Should not parse {normal_input} as obfuscated"
+
+    def test_blocks_obfuscated_loopback_via_validation(self):
+        """Obfuscated loopback should be blocked by validate_url_for_ssrf."""
+        with pytest.raises(McpError) as exc_info:
+            validate_url_for_ssrf("http://2130706433/")
+        assert "obfuscated" in str(exc_info.value).lower() or "blocked" in str(exc_info.value).lower()
+
+    def test_blocks_obfuscated_metadata_via_validation(self):
+        """Obfuscated metadata IP should be blocked by validate_url_for_ssrf."""
+        with pytest.raises(McpError) as exc_info:
+            validate_url_for_ssrf("http://2852039166/")  # 169.254.169.254
+        assert "obfuscated" in str(exc_info.value).lower() or "blocked" in str(exc_info.value).lower()
+
+
+# =============================================================================
+# 3. SSRF PROTECTION TESTS
 # =============================================================================
 
 class TestSSRFProtection:
