package utils
import (
"net"
"github.com/Wikid82/charon/backend/internal/network"
)
// IsPrivateIP reports whether host is an IPv4 literal that
// network.IsPrivateIP classifies as private.
//
// It returns false for anything net.ParseIP rejects (hostnames, empty or
// malformed strings) and for IPv6 literals that have no IPv4 form. A false
// result therefore does not mean the destination is public: a hostname is
// never resolved here, so an SSRF guard must also check the address that is
// actually dialed.
//
// Deprecated: This function only checks IPv4. For comprehensive SSRF protection,
// use network.IsPrivateIP() directly which handles IPv4, IPv6, and IPv4-mapped IPv6.
func IsPrivateIP(host string) bool {
	parsed := net.ParseIP(host)

	// Not an IP literal, or not representable as IPv4: keep the historical
	// IPv4-only contract and report "not private".
	if parsed == nil || parsed.To4() == nil {
		return false
	}

	// To4 is used only as the IPv4 gate; the address as parsed is what the
	// centralized check receives.
	return network.IsPrivateIP(parsed)
}
// IsDockerBridgeIP reports whether host is an IPv4 literal inside
// 172.16.0.0/12, the range Docker typically draws bridge networks from
// (172.17.x.x for the default bridge, 172.18-31.x.x for user-defined networks).
//
// It returns false for hostnames, strings net.ParseIP rejects, and addresses
// with no IPv4 form. The match is a heuristic: 172.16.0.0/12 is the whole
// RFC 1918 block, so a true result does not prove the peer is a Docker
// container and should not be used on its own as a trust decision.
func IsDockerBridgeIP(host string) bool {
	// To4 on a nil IP yields nil, so one check covers both "not an IP
	// literal" and "not IPv4".
	v4 := net.ParseIP(host).To4()
	if v4 == nil {
		return false
	}

	// 172.16.0.0/12 built directly instead of being parsed from a string.
	bridgeRange := net.IPNet{
		IP:   net.IPv4(172, 16, 0, 0),
		Mask: net.CIDRMask(12, 32),
	}
	return bridgeRange.Contains(v4)
}