From b9c64b7cf17c775d6a5b94cec2460c8f6753aa73 Mon Sep 17 00:00:00 2001
From: jesopo <github@lolnerd.net>
Date: Mon, 30 Sep 2019 15:12:01 +0100
Subject: [PATCH] use ipaddress is_loopback etc to do better forbidden ranges

closes #87
---
 src/utils/http.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/utils/http.py b/src/utils/http.py
index 49738876..00066033 100644
--- a/src/utils/http.py
+++ b/src/utils/http.py
@@ -301,5 +301,14 @@ def is_localhost(hostname: str) -> bool:
             address = ipaddress.ip_address(link["addr"].split("%", 1)[0])
             if address in ips:
                 return True
+    for ip in ips:
+        if ip.version == 6 and ip.ipv4_mapped:
+            ip = ip.ipv4_mapped
+
+        if (ip.is_loopback or
+                ip.is_link_local or
+                ip.is_multicast or
+                ip.is_private):
+            return True
 
     return False