mirror of
https://github.com/pewdiepie-archdaemon/odysseus.git
synced 2026-07-02 01:22:07 -04:00
Reject resolver results without IPs (#1826)
This commit is contained in:
@@ -79,12 +79,18 @@ def check_outbound_url(
|
|||||||
if not raw_ips:
|
if not raw_ips:
|
||||||
return False, "host does not resolve"
|
return False, "host does not resolve"
|
||||||
|
|
||||||
|
saw_ip = False
|
||||||
for raw in raw_ips:
|
for raw in raw_ips:
|
||||||
|
if not isinstance(raw, str):
|
||||||
|
continue
|
||||||
try:
|
try:
|
||||||
ip = ipaddress.ip_address(raw.split("%")[0]) # strip IPv6 zone id
|
ip = ipaddress.ip_address(raw.split("%")[0]) # strip IPv6 zone id
|
||||||
except ValueError:
|
except ValueError:
|
||||||
continue
|
continue
|
||||||
|
saw_ip = True
|
||||||
reason = _classify(ip, block_private=block_private)
|
reason = _classify(ip, block_private=block_private)
|
||||||
if reason:
|
if reason:
|
||||||
return False, reason
|
return False, reason
|
||||||
|
if not saw_ip:
|
||||||
|
return False, "host does not resolve to an IP"
|
||||||
return True, "ok"
|
return True, "ok"
|
||||||
|
|||||||
@@ -68,3 +68,23 @@ def test_unresolvable_host_blocked():
|
|||||||
ok, reason = check_outbound_url("http://does-not-resolve.invalid", resolver=PUBLIC)
|
ok, reason = check_outbound_url("http://does-not-resolve.invalid", resolver=PUBLIC)
|
||||||
assert ok is False
|
assert ok is False
|
||||||
assert "resolve" in reason
|
assert "resolve" in reason
|
||||||
|
|
||||||
|
|
||||||
|
def test_resolver_values_must_include_a_parseable_ip():
|
||||||
|
ok, reason = check_outbound_url(
|
||||||
|
"https://example.test",
|
||||||
|
resolver=lambda _host: [None, 123, "not-an-ip"],
|
||||||
|
)
|
||||||
|
|
||||||
|
assert ok is False
|
||||||
|
assert "does not resolve to an IP" in reason
|
||||||
|
|
||||||
|
|
||||||
|
def test_resolver_skips_invalid_values_but_accepts_public_ip():
|
||||||
|
ok, reason = check_outbound_url(
|
||||||
|
"https://example.test",
|
||||||
|
resolver=lambda _host: [None, "not-an-ip", "93.184.216.34"],
|
||||||
|
)
|
||||||
|
|
||||||
|
assert ok is True
|
||||||
|
assert reason == "ok"
|
||||||
|
|||||||
Reference in New Issue
Block a user