fix bug 0.0.0.0 can bypass SSRFChecker

waderwu · waderwu · commit 1f57fae21a9a · 2019-09-03T15:18:40.000+08:00
diff --git a/src/main/java/org/joychou/security/SSRFChecker.java b/src/main/java/org/joychou/security/SSRFChecker.java
@@ -82,7 +82,7 @@ public static Boolean isInnerIPByUrl(String url) {
      */
     private static boolean isInnerIp(String strIP){
 
-        String blackSubnetlist[] = {"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"};
+        String blackSubnetlist[] = {"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "0.0.0.0/32"};
 
         for (String subnet: blackSubnetlist) {
             SubnetUtils utils = new SubnetUtils(subnet);
