fix: add additional validation before making remote requests (#3398)

2025-11-01 02:44:31 +08:00 · 2023-10-28 08:15:01 -07:00
parent 5406e3d5da
commit a6dbc37a84
5 changed files with 94 additions and 1 deletions
--- a/utils/netutils.go
+++ b/utils/netutils.go
@ -0,0 +1,35 @@
+package utils
+
+import (
+	"net"
+
+	log "github.com/sirupsen/logrus"
+)
+
+// IsHostnameInternal will attempt to determine if the hostname is internal to
+// this server's network or is the loopback address.
+func IsHostnameInternal(hostname string) bool {
+	// If this is already an IP address don't try to resolve it
+	if ip := net.ParseIP(hostname); ip != nil {
+		return isIPAddressInternal(ip)
+	}
+
+	ips, err := net.LookupIP(hostname)
+	if err != nil {
+		// Default to false if we can't resolve the hostname.
+		log.Debugln("Unable to resolve hostname:", hostname)
+		return false
+	}
+
+	for _, ip := range ips {
+		if isIPAddressInternal(ip) {
+			return true
+		}
+	}
+
+	return false
+}
+
+func isIPAddressInternal(ip net.IP) bool {
+	return ip.IsLoopback() || ip.IsPrivate()
+}