🐛 增加对当前 host 是否为 IPv4 和 IPv6 地址的判断

🐛 增加对当前 host 是否为 IPv4 和 IPv6 地址的判断
ronger 2024-01-12 08:14:37 +08:00 committed by GitHub
commit 441bf50611
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,5 +1,6 @@
package com.rymcu.forest.util; package com.rymcu.forest.util;
import com.google.common.net.InetAddresses;
import com.google.common.net.InternetDomainName; import com.google.common.net.InternetDomainName;
import java.net.MalformedURLException; import java.net.MalformedURLException;
@ -22,9 +23,10 @@ public class SSRFUtil {
try { try {
// 获取域名并转为小写 // 获取域名并转为小写
String host = url.getHost().toLowerCase(); String host = url.getHost().toLowerCase();
// 禁止内网 IP // 判断是不是 IPv4 IPv6
if (internalIp(host)) { if (InetAddresses.isInetAddress(host)) {
return false; // 禁止内网 IP
return !internalIp(host);
} }
if (checkWhiteList) { if (checkWhiteList) {
// 获取一级域名 // 获取一级域名
@ -38,7 +40,7 @@ public class SSRFUtil {
} }
public static void main(String[] args) throws MalformedURLException { public static void main(String[] args) throws MalformedURLException {
URL url = new URL("http://127.0.0.1:8080"); URL url = new URL("https://rymcu.com");
boolean b = checkUrl(url, false); boolean b = checkUrl(url, false);
System.out.println(b); System.out.println(b);
} }
@ -50,7 +52,7 @@ public class SSRFUtil {
private static boolean internalIp(byte[] addr) { private static boolean internalIp(byte[] addr) {
if (Objects.isNull(addr) || addr.length < 2) { if (Objects.isNull(addr) || addr.length < 2) {
return true; return false;
} }
final byte b0 = addr[0]; final byte b0 = addr[0];
final byte b1 = addr[1]; final byte b1 = addr[1];
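Review bot: In `checkUrl` the internal-address check now runs only when `InetAddresses.isInetAddress(host)` is true, so hostnames no longer reach `internalIp(host)` and, with `checkWhiteList` false, nothing visible here rejects a name that resolves to a loopback or private address. `URL.getHost()` returns IPv6 literals in square brackets, which `isInetAddress` does not accept, so `InetAddresses.isUriInetAddress(host)` looks like the right test for that branch. The early `return !internalIp(host);` also returns before the whitelist is consulted, so a public IP literal is accepted even when `checkWhiteList` is true; a comment should state whether that is intended. In `internalIp(byte[])` the null/short-address guard changed from `return true;` to `return false;`, which makes an address that cannot be classified count as external; an SSRF filter should stay fail-closed there with `return true;`. Both methods continue outside the visible hunks, so how `internalIp(String)` resolves names should be confirmed before relying on it.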