Exception: WSDL::UnsafeRedirectError

Inherits:

FatalError

• Object
• StandardError
• Error
• FatalError
• WSDL::UnsafeRedirectError

Defined in:

lib/wsdl/errors.rb

Overview

Raised when an HTTP redirect targets a restricted destination.

This error prevents SSRF (Server-Side Request Forgery) attacks where a malicious WSDL endpoint redirects to internal network addresses such as cloud metadata services, loopback interfaces, or RFC 1918 private networks.

Examples:

Catching unsafe redirects

begin
  client = WSDL::Client.new('https://evil.example.com/service?wsdl')
rescue WSDL::UnsafeRedirectError => e
  puts "Blocked redirect to: #{e.target_url}"
end

See Also:

• https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html

Instance Attribute Summary

• #target_url ⇒ String^? readonly

  The redirect target URL that was blocked.

Instance Method Summary

• #initialize(message = nil, target_url: nil) ⇒ UnsafeRedirectError constructor

  Creates a new UnsafeRedirectError.

Constructor Details

#initialize(message = nil, target_url: nil) ⇒ UnsafeRedirectError

Creates a new UnsafeRedirectError.

Parameters:

• message (String) (defaults to: nil) —

  error message

• target_url (String, nil) (defaults to: nil) —

  the blocked redirect target

# File 'lib/wsdl/errors.rb', line 479

def initialize(message = nil, target_url: nil)
  @target_url = target_url
  super(message)
end

Instance Attribute Details

#target_url ⇒ String^? (readonly)

Returns the redirect target URL that was blocked.

Returns:

• (String, nil) —

  the redirect target URL that was blocked

# File 'lib/wsdl/errors.rb', line 473

def target_url
  @target_url
end