Merge pull request JoyChou93#7 from waderwu/master

JoyChou93 · web-flow · commit 40d64c131903 · 2019-09-04T11:20:47.000+08:00
fix bug 0.0.0.0 can bypass SSRFChecker
diff --git a/src/main/java/org/joychou/security/SSRFChecker.java b/src/main/java/org/joychou/security/SSRFChecker.java
@@ -82,7 +82,7 @@ public static Boolean isInnerIPByUrl(String url) {
      */
     private static boolean isInnerIp(String strIP){
 
-        String blackSubnetlist[] = {"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"};
+        String blackSubnetlist[] = {"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "0.0.0.0/32"};
 
         for (String subnet: blackSubnetlist) {
             SubnetUtils utils = new SubnetUtils(subnet);
