lzh/picoclaw
1
0
Fork 0
mirror of https://github.com/sipeed/picoclaw.git synced 2026-06-12 18:08:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(tools): block 198.18.0.0/15 in SSRF guard

Browse Source 
RFC 2544 benchmark addresses (198.18.0.0/15) are not globally routable
but were missing from the isPrivateOrRestrictedIP blocklist, allowing
SSRF bypasses via literal IPv4.

Fixes #3077
This commit is contained in:
Yue_chen
2026-06-09 19:00:28 +08:00
parent 46b29a0ae9
commit 2ecdb893d5
2 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/tools/integration/web_test.go
+4
View File
@@ -966,6 +966,10 @@ func TestIsPrivateOrRestrictedIP_Table(t *testing.T) {
{"192.168.1.1", true, "IPv4 private class C"},
{"169.254.169.254", true, "link-local / cloud metadata"},
{"100.64.0.1", true, "carrier-grade NAT"},
{"198.18.0.1", true, "RFC 2544 benchmark"},
{"198.19.255.1", true, "RFC 2544 benchmark end"},
{"198.17.0.1", false, "just before 198.18.0.0/15"},
{"198.20.0.1", false, "just after 198.19.255.255"},
{"0.0.0.0", true, "unspecified"},
{"8.8.8.8", false, "public DNS"},
{"1.1.1.1", false, "public DNS"},