Resolve host to check for private IP address (#812)

2024-11-22 12:15:36 +01:00 · 2020-07-07 19:47:12 -04:00 · 2020-07-07 19:47:12 -04:00 · 8a46fcd301
commit 8a46fcd301
parent 7af50172e0
1 changed files with 28 additions and 0 deletions
--- a/src/Icons/Services/IconFetchingService.cs
+++ b/src/Icons/Services/IconFetchingService.cs
@ -291,6 +291,13 @@ namespace Bit.Icons.Services
                return null;
            }

+            // Resolve host to make sure it is not an internal/private IP address
+            var hostEntry = Dns.GetHostEntry(uri.Host);
+            if (hostEntry?.AddressList.Any(ip => IsInternal(ip)) ?? true)
+            {
+                return null;
+            }
+
            using (var message = new HttpRequestMessage())
            {
                message.RequestUri = uri;
@ -405,5 +412,26 @@ namespace Bit.Icons.Services
        {
            return uri != null && uri.Scheme == "http" ? "http" : "https";
        }
+
+        public static bool IsInternal(IPAddress ip)
+        {
+            if (IPAddress.IsLoopback(ip))
+            {
+                return true;
+            }
+            else if (ip.ToString() == "::1")
+            {
+                return false;
+            }
+
+            var bytes = ip.GetAddressBytes();
+            return (bytes[0]) switch
+            {
+                10 => true,
+                172 => bytes[1] < 32 && bytes[1] >= 16,
+                192 => bytes[1] == 168,
+                _ => false,
+            };
+        }
    }
 }