Skip to Content [alt-c]

Blog

Comment

In reply to Preventing Server Side Request Forgery in Golang

Reader Jonas Faber on 2024-02-02 at 14:29:

Looking at smokescreen src code i wondered if the is isPublicIPAddress you linked to be safely replaced by by a some std lib method calls. e.g. https://go.dev/play/p/oz2CNqT-2Sr

smokescreen reference: https://github.com/stripe/smokescreen/blob/8c0fa26edf63f35d5632ba7682d78ff07a306819/pkg/smokescreen/smokescreen.go#L168

I will validate it against your shared isPublicIPAddress next, but figured it may be worth to share it here.

Reply

Post a Reply

Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.

(Optional; will be published)

(Optional; will not be published)

(Optional; will be published)

  • Blank lines separate paragraphs.
  • Lines starting with > are indented as block quotes.
  • Lines starting with two spaces are reproduced verbatim (good for code).
  • Text surrounded by *asterisks* is italicized.
  • Text surrounded by `back ticks` is monospaced.
  • URLs are turned into links.
  • Use the Preview button to check your formatting.