github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-25 20:53:33 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #107402 from anguslees/proxyzero

Browse Source 
Reject proxy requests to 0.0.0.0 as well
This commit is contained in:
Kubernetes Prow Robot 2022-01-10 13:34:36 -08:00 committed by GitHub
commit 10ded7501a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/proxy/util/utils.go
View File

@ -97,7 +97,7 @@ func IsProxyableIP(ip string) error {
} }
func isProxyableIP(ip net.IP) error { func isProxyableIP(ip net.IP) error {
if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsInterfaceLocalMulticast() { if !ip.IsGlobalUnicast() {
return ErrAddressNotAllowed return ErrAddressNotAllowed
} }
return nil return nil

2
pkg/proxy/util/utils_test.go
View File

@ -103,6 +103,7 @@ func TestIsProxyableIP(t *testing.T) {
ip string ip string
want error want error
}{ }{
{"0.0.0.0", ErrAddressNotAllowed},
{"127.0.0.1", ErrAddressNotAllowed}, {"127.0.0.1", ErrAddressNotAllowed},
{"127.0.0.2", ErrAddressNotAllowed}, {"127.0.0.2", ErrAddressNotAllowed},
{"169.254.169.254", ErrAddressNotAllowed}, {"169.254.169.254", ErrAddressNotAllowed},
@ -112,6 +113,7 @@ func TestIsProxyableIP(t *testing.T) {
{"192.168.0.1", nil}, {"192.168.0.1", nil},
{"172.16.0.1", nil}, {"172.16.0.1", nil},
{"8.8.8.8", nil}, {"8.8.8.8", nil},
{"::", ErrAddressNotAllowed},
{"::1", ErrAddressNotAllowed}, {"::1", ErrAddressNotAllowed},
{"fe80::", ErrAddressNotAllowed}, {"fe80::", ErrAddressNotAllowed},
{"ff02::", ErrAddressNotAllowed}, {"ff02::", ErrAddressNotAllowed},