def isHostAllowed(self, host):
if host in self.server.allowed_hosts:
return True
# Allow any IP address as they are not affected by DNS rebinding
# attacks
if helper.isIp(host):
self.learnHost(host)
return True
if ":" in host and helper.isIp(host.rsplit(":", 1)[0]): # Test without port
self.learnHost(host)
return True
if self.isProxyRequest(): # Support for chrome extension proxy
if self.server.site_manager.isDomain(host):
return True
else:
return False
if self.server.learn_allowed_host:
# Learn the first request's host as allowed one
self.server.learn_allowed_host = False
self.learnHost(host)
return True
return False
def testIsIp(self):
assert helper.isIp("1.2.3.4")
assert helper.isIp("255.255.255.255")
assert not helper.isIp("any.host")
assert not helper.isIp("1.2.3.4.com")
assert not helper.isIp("1.2.3.4.any.host")