(url: string)
| 119 | * @throws Error if URL hostname resolves to a denied IP |
| 120 | */ |
| 121 | export async function checkDenyList(url: string): Promise<void> { |
| 122 | const httpDenyList = getHttpDenyList() |
| 123 | |
| 124 | const urlObj = new URL(url) |
| 125 | let hostname = urlObj.hostname |
| 126 | // Strip IPv6 brackets if present |
| 127 | if (hostname.startsWith('[') && hostname.endsWith(']')) { |
| 128 | hostname = hostname.slice(1, -1) |
| 129 | } |
| 130 | |
| 131 | if (ipaddr.isValid(hostname)) { |
| 132 | isDeniedIP(hostname, httpDenyList) |
| 133 | } else { |
| 134 | const addresses = await dns.lookup(hostname, { all: true }) |
| 135 | for (const address of addresses) { |
| 136 | isDeniedIP(address.address, httpDenyList) |
| 137 | } |
| 138 | } |
| 139 | } |
| 140 | |
| 141 | /** |
| 142 | * Optional TLS options for secureAxiosRequest (e.g. custom CA for mutual TLS or private CAs). |
no test coverage detected