mirror of
https://github.com/farion1231/cc-switch.git
synced 2026-04-02 10:03:27 +08:00
* dependencies: url

* fix: comprehensive security improvements for usage script execution

🛡️ Security Fixes:
- Implement robust SSRF protection with same-origin URL validation
- Add precise IP address validation for IPv4/IPv6 private networks
- Fix port comparison to handle default ports correctly (443/80)
- Remove hardcoded domain whitelist, support custom domains flexibly
- Add comprehensive input validation and hostname security checks

🔧 Technical Improvements:
- Replace string-based IP checks with proper IpAddr parsing
- Use port_or_known_default() for accurate port validation
- Add comprehensive unit tests covering edge cases
- Implement CIDR-compliant private IP detection (RFC1918)
- Fix IPv6 address validation to prevent false positives

📊 Fixed Issues:
- Prevent access to private IP addresses while allowing public services
- Support Cloudflare (172.67.x.x) and other public 172.x.x.x ranges
- Fix port matching between explicit (e.g., :443) and implicit (default) ports
- Resolve IPv6 false positives for addresses containing ::1 substrings
- Maintain backward compatibility with existing script usage patterns

✅ Testing:
- Add comprehensive test suite for IP validation (IPv4/IPv6)
- Add port comparison tests for various scenarios
- Add edge case tests for CIDR boundaries
- All tests passing, ensuring no regressions

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: add is_loopback_host for proper localhost validation

* fix: use Database::memory() in tests

---------

Co-authored-by: Claude <noreply@anthropic.com>
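The difference between string-based and parsed IP checks, and the default-port comparison, that the commit message above describes, as an added example that is not the project's code. The function names, the `(scheme, host, port)` tuple shape and the sample hosts are assumptions made for illustration, and `effective_port` is a standard-library stand-in for the `url` crate's `port_or_known_default()`.

```rust
use std::net::IpAddr;

// Constructed contrast case: prefix/substring matching of the kind the
// commit message says was replaced. Not taken from the project.
fn naive_is_private(host: &str) -> bool {
    host.starts_with("10.") || host.starts_with("192.168.")
        || host.starts_with("172.") || host.contains("::1")
}

// Parse the literal first, then test ranges on the parsed address.
fn is_private_ip(host: &str) -> bool {
    let literal = host.trim_start_matches('[').trim_end_matches(']');
    match literal.parse::<IpAddr>() {
        Ok(IpAddr::V4(v4)) => {
            // is_private() covers RFC 1918: 10/8, 172.16/12, 192.168/16.
            v4.is_private() || v4.is_loopback() || v4.is_link_local() || v4.is_unspecified()
        }
        Ok(IpAddr::V6(v6)) => {
            let first = v6.segments()[0];
            v6.is_loopback() || v6.is_unspecified()
                || (first & 0xfe00) == 0xfc00 // unique local, fc00::/7
                || (first & 0xffc0) == 0xfe80 // link-local, fe80::/10
        }
        Err(_) => false, // not an IP literal; hostnames need their own check
    }
}

// Stand-in for the url crate's port_or_known_default(), http/https only.
fn effective_port(scheme: &str, explicit: Option<u16>) -> Option<u16> {
    explicit.or(match scheme {
        "https" => Some(443),
        "http" => Some(80),
        _ => None,
    })
}

// Origins are (scheme, host, explicit port) triples; ports compare after defaulting.
fn same_origin(a: (&str, &str, Option<u16>), b: (&str, &str, Option<u16>)) -> bool {
    a.0 == b.0 && a.1.eq_ignore_ascii_case(b.1)
        && effective_port(a.0, a.2) == effective_port(b.0, b.2)
}

fn main() {
    for host in ["172.67.1.1", "172.16.0.1", "2001:db8::1", "[::1]"] {
        println!("{host}: naive={} parsed={}", naive_is_private(host), is_private_ip(host));
    }
    let base = ("https", "api.example.com", None);
    println!("{}", same_origin(base, ("https", "API.example.com", Some(443))));
}
```

The naive check blocks the public addresses 172.67.1.1 and 2001:db8::1, while the parsed check blocks only the RFC 1918, loopback and link-local literals.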