refactor: validateURLForSSRF()

2025-11-11 16:10:20 +01:00
parent 0026d0d645
commit 325cbe9c2c


@@ -450,38 +450,24 @@ func (s *URLMetadataService) optimizedTitleClean(title string) string {
} }
func (s *URLMetadataService) validateURLForSSRF(u *url.URL) error { func (s *URLMetadataService) validateURLForSSRF(u *url.URL) error {
if u == nil { switch {
case u == nil,
u.Scheme != "http" && u.Scheme != "https",
u.Host == "",
u.Hostname() == "",
isLocalhost(u.Hostname()):
return ErrSSRFBlocked return ErrSSRFBlocked
} }
if u.Scheme != "http" && u.Scheme != "https" { ips, err := s.resolver.LookupIP(u.Hostname())
return ErrSSRFBlocked
}
if u.Host == "" {
return ErrSSRFBlocked
}
hostname := u.Hostname()
if hostname == "" {
return ErrSSRFBlocked
}
if isLocalhost(hostname) {
return ErrSSRFBlocked
}
ips, err := s.resolver.LookupIP(hostname)
if err != nil { if err != nil {
return ErrSSRFBlocked return ErrSSRFBlocked
} }
for _, ip := range ips { for _, ip := range ips {
if isPrivateOrReservedIP(ip) { if isPrivateOrReservedIP(ip) {
return ErrSSRFBlocked return ErrSSRFBlocked
} }
} }
return nil return nil
} }
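Review bot: The check after `s.resolver.LookupIP(u.Hostname())` fails open when the resolver returns an empty slice with a nil error, because the `for` loop never runs and the function returns nil; treat an empty answer like a failed lookup with `if err != nil || len(ips) == 0 { return ErrSSRFBlocked }`. Separately, this function only validates the addresses seen at check time. If the later fetch (not visible in this hunk) resolves the hostname again or follows redirects, a changed DNS answer or a redirect target would not be covered, so the dialer should connect only to an address that passed `isPrivateOrReservedIP` and each redirect URL should go through this function again. The new `case` list also relies on Go evaluating case expressions left to right and stopping at the first match, which is what keeps `u.Scheme` from being read on a nil `u`; a short comment such as `// u == nil must stay first: later expressions dereference u` would protect that ordering from a future reorder.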