Kharec/urupam
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(validation): block private hosts on first DNS lookup in URL blocking

Browse Source
This commit is contained in:
Sandro CURY CAZZANIGA
2026-02-16 13:16:32 +01:00
parent 4eb2939be4
commit aa68b59fb1
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/Urupam/Validation.pm
View File

@@ -318,9 +318,12 @@ sub is_blocked_url {
$self->_addresses_contain_private($cached) ? 1 : 0 ); $self->_addresses_contain_private($cached) ? 1 : 0 );
} }
# Intentional: skip blocking on cold hosts to keep latency low, DNS runs in background. return $self->_resolve_host($host)->then(
$self->_fire_and_forget( $self->_resolve_host($host) ); sub {
return Mojo::Promise->resolve(0); my $addresses = shift;
return $self->_addresses_contain_private($addresses) ? 1 : 0;
}
);
} }
sub _create_ssrf_safe_ua { sub _create_ssrf_safe_ua {