request-filtering-agent - npm Package Compare versions

Comparing version 1.0.1 to 1.0.2

lib/request-filtering-agent.d.ts

@@ -11,3 +11,4 @@ /// <reference types="node" />
 export interface RequestFilteringAgentOptions {
-    allowPrivateIP?: boolean;
+    allowPrivateIPAddress?: boolean;
+    allowMetaIPAddress?: boolean;
     allowIPAddressList?: string[];
@@ -14,0 +15,0 @@ denyIPAddressList?: string[];

lib/request-filtering-agent.js

@@ -42,3 +42,8 @@ "use strict";
     }
-    if (!options.allowPrivateIP && ip_1.default.isPrivate(address)) {
+    if (!options.allowMetaIPAddress) {
+        if (address === "0.0.0.0" || address == "::") {
+            return new Error("DNS lookup " + address + "(family:" + family + ", host:" + host + ") is not allowed. Because, It is meta IP address.");
+        }
+    }
+    if (!options.allowPrivateIPAddress && ip_1.default.isPrivate(address)) {
         return new Error("DNS lookup " + address + "(family:" + family + ", host:" + host + ") is not allowed. Because, It is private IP address.");
@@ -75,3 +80,4 @@ }
     var requestFilterOptions = {
-        allowPrivateIP: options && options.allowPrivateIP !== undefined ? options.allowPrivateIP : false,
+        allowPrivateIPAddress: options && options.allowPrivateIPAddress !== undefined ? options.allowPrivateIPAddress : false,
+        allowMetaIPAddress: options && options.allowMetaIPAddress !== undefined ? options.allowMetaIPAddress : false,
         allowIPAddressList: options && options.allowIPAddressList ? options.allowIPAddressList : [],
@@ -109,3 +115,2 @@ denyIPAddressList: options && options.denyIPAddressList ? options.denyIPAddressList : []
 exports.applyRequestFilter = applyRequestFilter;
-;
 /**
@@ -112,0 +117,0 @@ * A subclsss of http.Agent with request filtering

package.json

 {
   "name": "request-filtering-agent",
-  "version": "1.0.1",
-  "description": "A http(s).Agent implementation that block request Private IP address.",
+  "version": "1.0.2",
+  "description": "An http(s).Agent implementation that block request Private IP address.",
   "homepage": "https://github.com/azu/request-filtering-agent",
@@ -6,0 +6,0 @@ "bugs": {

README.md

 # request-filtering-agent [![Build Status](https://travis-ci.org/azu/request-filtering-agent.svg?branch=master)](https://travis-ci.org/azu/request-filtering-agent)
 
-A http(s).Agent implementation that block request Private IP address.
+An http(s).Agent implementation that block request Private IP address.
 
@@ -62,8 +62,21 @@ It help to prevent [server-side request forgery (SSRF)](https://en.wikipedia.org/wiki/Server-side_request_forgery) attack.
 
-
 ```ts
 export interface RequestFilteringAgentOptions {
-    allowPrivateIP?: boolean;
+    // Allow to connect private IP address
+    // Example, http://127.0.0.1/, http://localhost/
+    // Default: false
+    allowPrivateIPAddress?: boolean;
+    // Allow to connect meta address 0.0.0.0
+    // 0.0.0.0 (IPv4) and :: (IPv6) a meta address that routing another address
+    // https://en.wikipedia.org/wiki/Reserved_IP_addresses
+    // https://tools.ietf.org/html/rfc6890
+    // Default: false
+    allowMetaIPAddress?: boolean;
+    // Allow address list
+    // This values are preferred than denyAddressList
+    // Default: []
     allowIPAddressList?: string[];
-    denyIPAddressList?: string[];
+    // Deny address list
+    // Default: []
+    denyIPAddressList?: string[]
 }
@@ -93,2 +106,3 @@ /**
 export declare const useAgent: (url: string) => RequestFilteringHttpAgent | RequestFilteringHttpsAgent;
+
 ```
@@ -106,4 +120,4 @@
 const agent = new RequestFilteringHttpAgent({
-    allowIPAddressList: ["127.0.0.1"], // it is preferred than allowPrivateIP option
-    allowPrivateIP: false, // Default: false
+    allowIPAddressList: ["127.0.0.1"], // it is preferred than allowPrivateIPAddress option
+    allowPrivateIPAddress: false, // Default: false
 });
@@ -134,3 +148,3 @@ // 127.0.0.1 is private ip address, but it is allowed
 const agentWithFiltering = applyRequestFilter(agent, {
-    allowPrivateIP: false // Default: false
+    allowPrivateIPAddress: false // Default: false
 });
@@ -137,0 +151,0 @@ // 127.0.0.1 is private ip address

src/request-filtering-agent.ts

@@ -15,6 +15,12 @@ import * as net from "net";
 export interface RequestFilteringAgentOptions {
-    // allow to connect private IP address
+    // Allow to connect private IP address
     // Example, http://127.0.0.1/, http://localhost/
-    //Default: false
-    allowPrivateIP?: boolean;
+    // Default: false
+    allowPrivateIPAddress?: boolean;
+    // Allow to connect meta address 0.0.0.0
+    // 0.0.0.0 (IPv4) and :: (IPv6) a meta address that routing another address
+    // https://en.wikipedia.org/wiki/Reserved_IP_addresses
+    // https://tools.ietf.org/html/rfc6890
+    // Default: false
+    allowMetaIPAddress?: boolean;
     // Allow address list
@@ -43,3 +49,8 @@ // This values are preferred than denyAddressList
 
-    if (!options.allowPrivateIP && ip.isPrivate(address)) {
+    if (!options.allowMetaIPAddress) {
+        if (address === "0.0.0.0" || address == "::") {
+            return new Error(`DNS lookup ${address}(family:${family}, host:${host}) is not allowed. Because, It is meta IP address.`);
+        }
+    }
+    if (!options.allowPrivateIPAddress && ip.isPrivate(address)) {
         return new Error(`DNS lookup ${address}(family:${family}, host:${host}) is not allowed. Because, It is private IP address.`);
@@ -70,2 +81,3 @@ }
 const appliedAgentSet = new Set<http.Agent | https.Agent>();
+
 /**
@@ -80,3 +92,4 @@ * Apply request filter to http(s).Agent instance
     const requestFilterOptions: Required<RequestFilteringAgentOptions> = {
-        allowPrivateIP: options && options.allowPrivateIP !== undefined ? options.allowPrivateIP : false,
+        allowPrivateIPAddress: options && options.allowPrivateIPAddress !== undefined ? options.allowPrivateIPAddress : false,
+        allowMetaIPAddress: options && options.allowMetaIPAddress !== undefined ? options.allowMetaIPAddress : false,
         allowIPAddressList: options && options.allowIPAddressList ? options.allowIPAddressList : [],
@@ -112,3 +125,3 @@ denyIPAddressList: options && options.denyIPAddressList ? options.denyIPAddressList : []
     return agent;
-};
+}
 
@@ -115,0 +128,0 @@ /**

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

25450

increased by8.44%

Lines of code

324

increased by5.88%

Number of lines in readme file

202

increased by7.45%

No dependency changes