The current EOfficeClient implementation relies on urllib.request.urlopen, which natively supports a wide range of protocols including file://, ftp://, and gopher://. Since the backend_url is a configurable parameter, this could potentially be exploited to perform Local File Inclusion (LFI) or Server-Side Request Forgery (SSRF) if a project's configuration is tampered with.
Migrating to the requests library would provide a more secure default by restricting supported protocols. Additionally, implementing a basic URL validation layer for the backend_url would ensure the client only connects to legitimate http/https endpoints. This improvement would significantly enhance the robustness of the eOffice integration, especially for enterprise deployments where cross-service communication security is paramount.
The current
EOfficeClientimplementation relies onurllib.request.urlopen, which natively supports a wide range of protocols includingfile://,ftp://, andgopher://. Since thebackend_urlis a configurable parameter, this could potentially be exploited to perform Local File Inclusion (LFI) or Server-Side Request Forgery (SSRF) if a project's configuration is tampered with.Migrating to the
requestslibrary would provide a more secure default by restricting supported protocols. Additionally, implementing a basic URL validation layer for thebackend_urlwould ensure the client only connects to legitimatehttp/httpsendpoints. This improvement would significantly enhance the robustness of the eOffice integration, especially for enterprise deployments where cross-service communication security is paramount.