opensource
/
dify
mirror of https://github.com/langgenius/dify.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update api/core/helper/ssrf_proxy.py 

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
This commit is contained in:
zyssyz123 2025-12-12 11:31:27 +08:00 committed by GitHub
parent 3f3b9beeff
commit 64f5e34096
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
api/core/helper/ssrf_proxy.py
View File

@ -60,20 +60,11 @@ def is_private_or_local_address(url: str) -> bool:
try:
ip = ipaddress.ip_address(hostname)
# Check if it's a private IP (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 for IPv4)
# For IPv6: fc00::/7 (unique local addresses)
if ip.is_private:
return True
# Check if it's loopback (127.0.0.0/8 for IPv4, ::1 for IPv6)
if ip.is_loopback:
return True
# Check if it's link-local (169.254.0.0/16 for IPv4, fe80::/10 for IPv6)
if ip.is_link_local:
return True
return False
# Check if it's a private, loopback, or link-local address.
# - Private: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7
# - Loopback: 127.0.0.0/8, ::1
# - Link-local: 169.254.0.0/16, fe80::/10
return ip.is_private or ip.is_loopback or ip.is_link_local
except ValueError:
# Not a valid IP address, might be a domain name
# Domain names could resolve to private IPs, but we only check the literal hostname here