ssrf_filter icon indicating copy to clipboard operation
ssrf_filter copied to clipboard

Published 20 hours ago verified publisher icon arkadiyt

Add option to disable unsafe IP protection

Open joao-esteves opened this issue 2 years ago • 0 comments

Use Case

I want to add a unit test in a project to catch the exception caused by #56. In it, I'm forced to make a remote request because ssrf_filter doesn't allow local IPs when caling SsrfFilter.get('http://api.localhost/X.json').

I am unsure of the utility of this, due to my lack of knowledge in the gem, thus I opened this issue for discussion. Note that my test does catch the exception with a local request when I manually disable the protection inside the gem.

Relevant Code

The protection is at lib/ssrf_filter/ssrf_filter.rb:129:

public_addresses = ip_addresses.reject(&method(:unsafe_ip_address?))

The option would disable this reject.

joao-esteves avatar Oct 14 '22 17:10 joao-esteves