highperfocused/imgproxy
1
0
Fork 0
mirror of https://github.com/imgproxy/imgproxy.git synced 2025-10-11 04:32:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

TestServer, AllowNetworks -> http.Transport

Browse Source
This commit is contained in:
Viktor Sokolov
2025-09-11 10:15:31 +02:00
parent 1f6d007948
commit 246ea28864
19 changed files with 425 additions and 388 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
security/source.go
View File

@@ -1,9 +1,6 @@
package security
import (
"fmt"
"net"
"github.com/imgproxy/imgproxy/v3/config"
)
@@ -20,29 +17,3 @@ func VerifySourceURL(imageURL string) error {
return newSourceURLError(imageURL)
}
func VerifySourceNetwork(addr string) error {
host, _, err := net.SplitHostPort(addr)
if err != nil {
host = addr
}
ip := net.ParseIP(host)
if ip == nil {
return newSourceAddressError(fmt.Sprintf("Invalid source address: %s", addr))
}
if !config.AllowLoopbackSourceAddresses && (ip.IsLoopback() || ip.IsUnspecified()) {
return newSourceAddressError(fmt.Sprintf("Loopback source address is not allowed: %s", addr))
}
if !config.AllowLinkLocalSourceAddresses && (ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast()) {
return newSourceAddressError(fmt.Sprintf("Link-local source address is not allowed: %s", addr))
}
if !config.AllowPrivateSourceAddresses && ip.IsPrivate() {
return newSourceAddressError(fmt.Sprintf("Private source address is not allowed: %s", addr))
}
return nil
}