IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

SECURITY: Consider 0.0.0.0 a private IP

Browse Source
This commit is contained in:
Robin Ward
2018-07-24 11:15:37 -04:00
parent 9fff53407c
commit 236243f38a
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
spec/components/final_destination_spec.rb
View File

@@ -337,6 +337,11 @@ describe FinalDestination do
expect(fd("https://104.25.153.10").is_dest_valid?).to eq(true)
end
it "returns false for short ip" do
expect(FinalDestination.new('https://0/logo.png').is_dest_valid?).to eq(false)
expect(FinalDestination.new('https://1/logo.png').is_dest_valid?).to eq(false)
end
it "returns false for private ipv4" do
expect(fd("https://127.0.0.1").is_dest_valid?).to eq(false)
expect(fd("https://192.168.1.3").is_dest_valid?).to eq(false)