NewSafeClient returns the HTTP client used by built-in tools that issue outbound calls to URLs the operator (or a fetched OpenAPI spec) supplies. The default refuses connections to non-public IPs at dial time, which defeats DNS rebinding to loopback, RFC1918 or link-local addresses, including the cloud metadata endpoint at 169.2
```go
// exists ONLY for tests, which use [httptest.NewServer] (binds to 127.0.0.1)
// and therefore cannot pass the SSRF check.
func NewSafeClient(timeout time.Duration, unsafe bool) *http.Client {
	if unsafe {
		return &http.Client{Timeout: timeout}
	}
	return &http.Client{
		Timeout: timeout,
		// every connection, redirect targets included, is vetted at dial time
		Transport: NewSSRFSafeTransport(),
		// stop after at most 10 redirects instead of following them forever
		CheckRedirect: BoundedRedirects(10),
	}
}
```
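The dial-time check the doc comment describes, written out as an added example rather than the project's own `NewSSRFSafeTransport`: the hostname is resolved inside the dialer, every resolved address is vetted, and only the vetted IP literal is connected to. `IsPublicIP`, `SafeDialContext` and `NewGuardedTransport` are names chosen here, not identifiers from the page.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
)

// IsPublicIP refuses loopback, RFC1918, link-local (169.254.0.0/16, fe80::/10),
// unspecified and multicast addresses; net.IP unwraps IPv4-mapped IPv6 too.
func IsPublicIP(ip net.IP) bool {
	return ip != nil && !ip.IsUnspecified() && !ip.IsLoopback() && !ip.IsPrivate() &&
		!ip.IsLinkLocalUnicast() && !ip.IsLinkLocalMulticast() &&
		!ip.IsInterfaceLocalMulticast() && !ip.IsMulticast()
}

// SafeDialContext resolves the host itself, vets every returned address and
// dials the vetted IP literal rather than the name. Checking at dial time defeats
// DNS rebinding: a pre-flight lookup may be answered with a public address and
// the next one with 127.0.0.1, but this dialer only connects to what it checked.
func SafeDialContext(ctx context.Context, network, addr string) (net.Conn, error) {
	host, port, err := net.SplitHostPort(addr)
	if err != nil {
		return nil, err
	}
	ips, err := net.DefaultResolver.LookupIPAddr(ctx, host)
	if err != nil {
		return nil, err
	}
	for _, a := range ips {
		if !IsPublicIP(a.IP) {
			return nil, fmt.Errorf("ssrf guard: %s resolves to non-public %s", host, a.IP)
		}
	}
	var d net.Dialer
	return d.DialContext(ctx, network, net.JoinHostPort(ips[0].IP.String(), port))
}

// NewGuardedTransport (hypothetical name, not the project's NewSSRFSafeTransport)
// routes every TCP connection, redirect hops included, through SafeDialContext.
// Proxy stays nil so nothing dials on our behalf; TLS still verifies the original
// hostname because http.Transport runs the handshake itself after DialContext.
func NewGuardedTransport() *http.Transport {
	return &http.Transport{DialContext: SafeDialContext}
}

func main() {
	_, err := SafeDialContext(context.Background(), "tcp", "169.254.169.254:80")
	fmt.Println("metadata dial refused:", err != nil) // true
}
```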