MCPcopy Index your code
hub / github.com/docker/docker-agent / NewSafeClient

Function NewSafeClient

pkg/httpclient/safeclient.go:26–35  ·  view source on GitHub ↗

NewSafeClient returns the HTTP client used by built-in tools that issue outbound calls to URLs the operator (or a fetched OpenAPI spec) supplies. The default refuses connections to non-public IPs at dial time — defeating DNS rebinding to loopback / RFC1918 / link-local incl. cloud metadata at 169.2

(timeout time.Duration, unsafe bool)

Source from the content-addressed store, hash-verified

24// exists ONLY for tests, which use [httptest.NewServer] (binds to 127.0.0.1)
25// and therefore cannot pass the SSRF check.
26func NewSafeClient(timeout time.Duration, unsafe bool) *http.Client {
27 if unsafe {
28 return &http.Client{Timeout: timeout}
29 }
30 return &http.Client{
31 Timeout: timeout,
32 Transport: NewSSRFSafeTransport(),
33 CheckRedirect: BoundedRedirects(10),
34 }
35}

Callers 13

StartMethod · 0.92
oauth_helpers.goFile · 0.92
TestMainFunction · 0.92
PerformOAuthLoginFunction · 0.92
fetchSpecMethod · 0.92
callToolMethod · 0.92
callToolMethod · 0.92
cache.goFile · 0.92
TestMainFunction · 0.92
defaultHTTPPostClientFunction · 0.92
lookupFunction · 0.92

Calls 2

NewSSRFSafeTransportFunction · 0.85
BoundedRedirectsFunction · 0.85

Tested by 4

TestMainFunction · 0.74
TestMainFunction · 0.74
lookupFunction · 0.74