For information about how to report security vulnerabilities, please see the OSCAL Compass Community Security Policy.
Compliance-trestle implements comprehensive SSRF protection when fetching remote OSCAL content via HTTPS or SFTP. This protection uses a two-tier defense system to prevent malicious actors from exploiting the fetching mechanism to access internal resources or cloud metadata endpoints.
The following address ranges and endpoints are always blocked regardless of configuration, as they have zero legitimate use for OSCAL content fetching:
- Loopback addresses:
127.0.0.0/8(IPv4),::1/128(IPv6) - Link-local addresses:
169.254.0.0/16(IPv4),fe80::/10(IPv6) - Cloud metadata endpoints:
169.254.169.254(AWS, Azure, GCP)metadata.google.internal(GCP)metadata.azure.com(Azure alternative)100.100.100.200(Alibaba Cloud)
These ranges are blocked to prevent:
- Access to localhost services
- Exploitation of cloud metadata endpoints to steal credentials
- Access to link-local services
RFC 1918 private IP ranges are allowed by default to support legitimate use cases such as private GitLab instances or internal OSCAL repositories:
10.0.0.0/8172.16.0.0/12192.168.0.0/16fc00::/7(IPv6 unique local)
To block private IP ranges, set the environment variable:
export TRESTLE_BLOCK_PRIVATE_IPS=trueWhen private IPs are allowed (default), trestle logs a warning when accessing them to maintain visibility.
For additional security, you can restrict fetching to specific domains by configuring an allowed domains list. When configured, only URLs from the specified domains will be permitted.
Trestle implements multiple layers of path traversal protection:
- URL Path Validation: Blocks
..sequences in URL paths to prevent directory traversal - Cache Path Validation: Ensures cached files remain within the designated cache directory
- Workspace Boundary Enforcement: Validates that local file operations stay within the trestle workspace
- Sensitive File Protection: Blocks access to sensitive system files even when outside-workspace access is allowed:
/etc/passwd,/etc/shadow,/etc/group,/etc/sudoers- SSH keys (
.ssh/) - Cloud credentials (
.aws/,.docker/,.kube/) - System logs (
/var/log/) - Database files (
/var/lib/mysql/) - Windows system files (
C:\Windows\System32\, credentials) - Process information (
/proc/self/environ)
Only HTTPS and SFTP schemes are allowed for remote URLs. HTTP, FTP, and other protocols are rejected to ensure encrypted transport.
By default, only standard ports are allowed:
- HTTPS: port 443
- SFTP: port 22
Non-standard ports are blocked unless explicitly configured.
When using compliance-trestle to fetch remote OSCAL content:
- Use HTTPS URLs from trusted sources
- Enable private IP blocking (
TRESTLE_BLOCK_PRIVATE_IPS=true) in production environments unless you specifically need to access private repositories - Configure domain allowlists when fetching from a known set of trusted domains
- Monitor logs for warnings about private IP access
- Keep trestle updated to receive the latest security fixes
- Review fetched content before using it in production compliance workflows
The SSRF and path traversal protections are comprehensively tested with 100% code coverage. Tests include:
- Blocking of all Tier 1 addresses and endpoints
- Configurable blocking of Tier 2 private ranges
- Path traversal attack vectors
- Sensitive file access attempts
- Real-world attack scenarios from security advisories
- v4.x: Introduced two-tier SSRF protection system (GHSA-w76h-q7c6-jpjp fix)
- v3.x and earlier: Limited SSRF protection (vulnerable)
- GHSA-w76h-q7c6-jpjp - SSRF vulnerability advisory
- OWASP SSRF Prevention Cheat Sheet
- CWE-918: Server-Side Request Forgery (SSRF)