harald/zeroclaw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3

fix: harden private host detection against SSRF bypass via IP parsing

Browse source 
Security fix for browser tool SSRF prevention via proper IP parsing.
This commit is contained in:
Argenis 2026-02-15 09:13:12 -05:00 committed by GitHub
parent 1eadd88cf5
commit 2ac571f406
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 19 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

19
src/tools/browser.rs
View file

@ -790,6 +790,25 @@ mod tests {
); );
} }
#[test]
fn extract_host_handles_ipv6() {
// IPv6 with brackets (required for URLs with ports)
assert_eq!(
extract_host("https://[::1]/path").unwrap(),
"[::1]"
);
// IPv6 with brackets and port
assert_eq!(
extract_host("https://[2001:db8::1]:8080/path").unwrap(),
"[2001:db8::1]"
);
// IPv6 with brackets, trailing slash
assert_eq!(
extract_host("https://[fe80::1]/").unwrap(),
"[fe80::1]"
);
}
#[test] #[test]
fn is_private_host_detects_local() { fn is_private_host_detects_local() {
assert!(is_private_host("localhost")); assert!(is_private_host("localhost"));