fix CodeQL-Alerts

2026-03-05 19:32:01 +01:00
parent b3c7a7bef3
commit d119ecf4a2
2 changed files with 8 additions and 3 deletions


@@ -330,6 +330,11 @@ function checkPort(port, host, timeout = 2000) {
resolve({ port, status, service, error: err.code });
});
// Explicit inline guard (defence-in-depth; also satisfies CodeQL SSRF dataflow)
if (!isValidIp(host) || isPrivateIp(host)) {
socket.destroy();
return resolve({ port, status: 'error', service, error: 'Restricted IP' });
}
socket.connect(port, host);
});
}
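Review bot: The guard `if (!isValidIp(host) || isPrivateIp(host))` is only as strong as the two helpers, which are defined outside this hunk. It is worth confirming that `isPrivateIp` rejects more than the RFC 1918 ranges: loopback, link-local (169.254.0.0/16), the unspecified address, and IPv6 forms such as `::1`, `fc00::/7`, `fe80::/10` and IPv4-mapped `::ffff:a.b.c.d`. The check also runs after the socket and its error handler already exist, so hoisting it to the first statement of `checkPort` (whose start is outside the hunk) would avoid allocating a socket for a rejected host. A malformed host and a restricted one both report `'Restricted IP'`; a separate value such as `'Invalid IP'` would make results easier to triage. Assuming `isValidIp` accepts only IP literals, I would also extend the comment to say `// host must be an IP literal, so no DNS lookup happens between this check and connect()`.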