@aikidosec/firewall

Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks

16 lines (15 loc) 547 B
/**
 * Check if the hostname contains a private IP address
 * This function is used to detect obvious SSRF attacks (with a private IP address being used as the hostname)
 *
 * Examples
 * http://192.168.0.1/some/path
 * http://[::1]/some/path
 * http://localhost/some/path
 *
 * This function gets to see "192.168.0.1", "[::1]", and "localhost"
 *
 * We won't flag this-domain-points-to-a-private-ip.com
 * This will be handled by the inspectDNSLookupCalls function
 */
export declare function containsPrivateIPAddress(hostname: string): boolean;
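
A sketch of how a hostname-only check like the one declared above can work, as an added example that is not the package's own implementation. The function names and the range list are assumptions, and IPv6 hostnames are expected in the bracketed hex-group form that `new URL(...).hostname` returns.

```javascript
// Added example, hypothetical names; range list chosen for this sketch.
const PRIVATE_V4 = [ // [network, prefix length]
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];
// Strict dotted quad -> unsigned 32-bit integer, or null for anything else.
function v4ToInt(host) {
  const parts = host.split(".");
  const ok = parts.length === 4 && parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  return ok ? parts.reduce((acc, p) => acc * 256 + Number(p), 0) : null;
}
function isPrivateV4(n) {
  return PRIVATE_V4.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ((v4ToInt(net) & mask) >>> 0);
  });
}

// Hex-group IPv6 literal (brackets removed) -> eight 16-bit numbers, or null.
function v6ToGroups(addr) {
  const halves = addr.split("::");
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(":") : [];
  const tail = halves[1] ? halves[1].split(":") : [];
  const fill = halves.length === 2 ? Math.max(8 - head.length - tail.length, 0) : 0;
  const groups = [...head, ...Array(fill).fill("0"), ...tail];
  const ok = groups.length === 8 && groups.every((g) => /^[0-9a-f]{1,4}$/i.test(g));
  return ok ? groups.map((g) => parseInt(g, 16)) : null;
}
function isPrivateV6(g) {
  const zeros = (n) => g.slice(0, n).every((x) => x === 0);
  if (zeros(7) && g[7] <= 1) return true;          // :: (unspecified) and ::1 (loopback)
  if ((g[0] & 0xfe00) === 0xfc00) return true;     // fc00::/7 unique local
  if ((g[0] & 0xffc0) === 0xfe80) return true;     // fe80::/10 link-local
  // ::ffff:0:0/96 IPv4-mapped: judge the embedded IPv4 address
  return zeros(5) && g[5] === 0xffff && isPrivateV4(g[6] * 65536 + g[7]);
}

// Takes the hostname exactly as the URL carries it: "192.168.0.1", "[::1]", "localhost".
function hostnameIsPrivate(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  if (host === "localhost") return true;
  if (host.startsWith("[") && host.endsWith("]")) {
    const groups = v6ToGroups(host.slice(1, -1));
    return groups !== null && isPrivateV6(groups);
  }
  const n = v4ToInt(host);
  return n !== null && isPrivateV4(n); // domain names fall through: left to DNS-lookup inspection
}
```

A domain name returns `false` here by design, which is why the resolved addresses still have to be checked at DNS lookup time, as the comment above says.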