webhook: revalidate local hostname before each delivery (#6988)

author: Joe Chen <jc@unknwon.io> 2022-05-31 15:17:17 +0800
committer: GitHub <noreply@github.com> 2022-05-31 15:17:17 +0800
commit: 7885f454a4946c4bbec1b4f8c603b5eea7429c7f (patch)
tree: 00010af607268eef9f1adcb9d8f6d713f653ee34 /internal/netutil
parent: 90bc75229726a24a28507d3e8178f86734f112e1 (diff)
2 files changed, 5 insertions, 4 deletions
diff --git a/internal/netutil/netutil.go b/internal/netutil/netutil.go
index 5059d463..8fef3115 100644
--- a/internal/netutil/netutil.go
+++ b/internal/netutil/netutil.go
@@ -47,9 +47,10 @@ func init() {
 	}
 }
 
-// IsLocalHostname returns true if given hostname is resolved to local network
-// address, except exempted from the allowlist.
-func IsLocalHostname(hostname string, allowlist []string) bool {
+// IsBlockedLocalHostname returns true if given hostname is resolved to a local
+// network address that is implicitly blocked (i.e. not exempted from the
+// allowlist).
+func IsBlockedLocalHostname(hostname string, allowlist []string) bool {
 	for _, allow := range allowlist {
 		if hostname == allow {
 			return false
diff --git a/internal/netutil/netutil_test.go b/internal/netutil/netutil_test.go
index 65202baf..9bd9c982 100644
--- a/internal/netutil/netutil_test.go
+++ b/internal/netutil/netutil_test.go
@@ -34,7 +34,7 @@ func TestIsLocalHostname(t *testing.T) {
 	}
 	for _, test := range tests {
 		t.Run("", func(t *testing.T) {
-			assert.Equal(t, test.want, IsLocalHostname(test.hostname, test.allowlist))
+			assert.Equal(t, test.want, IsBlockedLocalHostname(test.hostname, test.allowlist))
 		})
 	}
 }
author	Joe Chen <jc@unknwon.io>	2022-05-31 15:17:17 +0800
committer	GitHub <noreply@github.com>	2022-05-31 15:17:17 +0800
commit	7885f454a4946c4bbec1b4f8c603b5eea7429c7f (patch)
tree	00010af607268eef9f1adcb9d8f6d713f653ee34 /internal/netutil
parent	90bc75229726a24a28507d3e8178f86734f112e1 (diff)