Commit b6637aa

committed
Add comments and missing ipv6 ranges
1 parent 0e76347 commit b6637aa

1 file changed

+26
-24
lines changed

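--- a/library/vulnerabilities/ssrf/isPrivateIP.ts
+++ b/library/vulnerabilities/ssrf/isPrivateIP.ts
@@ -1,35 +1,37 @@
 import { IPMatcher } from "../../helpers/ip-matcher/IPMatcher";
 
-// Taken from https://github.com/frenchbread/private-ip/blob/master/src/index.ts
 const PRIVATE_IP_RANGES = [
-"0.0.0.0/8",
-"10.0.0.0/8",
-"100.64.0.0/10",
-"127.0.0.0/8",
-"169.254.0.0/16",
-"172.16.0.0/12",
-"192.0.0.0/24",
-"192.0.2.0/24",
-"192.31.196.0/24",
+"0.0.0.0/8", // "This" network (RFC 1122)
+"10.0.0.0/8", // Private-Use Networks (RFC 1918)
+"100.64.0.0/10", // Shared Address Space (RFC 6598)
+"127.0.0.0/8", // Loopback (RFC 1122)
+"169.254.0.0/16", // Link Local (RFC 3927)
+"172.16.0.0/12", // Private-Use Networks (RFC 1918)
+"192.0.0.0/24", // IETF Protocol Assignments (RFC 5736)
+"192.0.2.0/24", // TEST-NET-1 (RFC 5737)
+"192.31.196.0/24", // AS112 Redirection Anycast (RFC 7535)
 "192.52.193.0/24",
-"192.88.99.0/24",
-"192.168.0.0/16",
-"192.175.48.0/24",
-"198.18.0.0/15",
-"198.51.100.0/24",
-"203.0.113.0/24",
-"240.0.0.0/4",
-"224.0.0.0/4",
-"255.255.255.255/32",
+"192.88.99.0/24", // 6to4 Relay Anycast (RFC 3068)
+"192.168.0.0/16", // Private-Use Networks (RFC 1918)
+"192.175.48.0/24", // AS112 Redirection Anycast (RFC 7535)
+"198.18.0.0/15", // Network Interconnect Device Benchmark Testing (RFC 2544)
+"198.51.100.0/24", // TEST-NET-2 (RFC 5737)
+"203.0.113.0/24", // TEST-NET-3 (RFC 5737)
+"224.0.0.0/4", // Multicast (RFC 3171)
+"240.0.0.0/4", // Reserved for Future Use (RFC 1112)
+"255.255.255.255/32", // Limited Broadcast (RFC 919)
 ];
 
 const PRIVATE_IPV6_RANGES = [
-"::/128", // Unspecified address
-"::1/128", // Loopback address
-"fc00::/7", // Unique local address (ULA)
-"fe80::/10", // Link-local address (LLA)
-"::ffff:127.0.0.1/128", // IPv4-mapped address
+"::/128", // Unspecified address (RFC 4291)
+"::1/128", // Loopback address (RFC 4291)
+"fc00::/7", // Unique local address (ULA) (RFC 4193)
+"fe80::/10", // Link-local address (LLA) (RFC 4291)
+"::ffff:127.0.0.1/128", // IPv4-mapped address (RFC 4291)
 "::ffff:0:0",
+"100::/64", // Discard prefix (RFC 6666)
+"2001:db8::/32", // Documentation prefix (RFC 3849)
+"3fff::/20", // Documentation prefix (RFC 9637)
 ];
 
 const privateIp = new IPMatcher();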
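Review bot: The IPv4-mapped coverage in `PRIVATE_IPV6_RANGES` remains ambiguous after this commit: `"::ffff:127.0.0.1/128"` matches a single address and the untouched `"::ffff:0:0"` entry carries neither a prefix length nor a comment, so what it matches depends on how `IPMatcher` parses a bare address, which is not visible here. Unless callers unwrap mapped addresses before the lookup, the mapped forms of the other ranges in `PRIVATE_IP_RANGES` may not be classified as private. State the intent explicitly, e.g. `"::ffff:0:0/96", // IPv4-mapped addresses (RFC 4291)` if the whole block should match, or derive the mapped entries from `PRIVATE_IP_RANGES` and add a test for one mapped RFC 1918 address. `"192.52.193.0/24"` was also left without a comment; `// AMT (RFC 7450)` would match the others. How these arrays are loaded into `privateIp` lies outside the hunk.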
