Add localdomain and extra test cases

bitterpanda63 · bitterpanda63 · commit 5b0b3dedfae3 · 2025-07-22T11:48:13.000+02:00
diff --git a/agent_api/src/main/java/dev/aikido/agent_api/vulnerabilities/ssrf/RequestToServiceHostnameChecker.java b/agent_api/src/main/java/dev/aikido/agent_api/vulnerabilities/ssrf/RequestToServiceHostnameChecker.java
@@ -6,7 +6,9 @@
 public final class RequestToServiceHostnameChecker {
     // Pattern allows alphanumerical input (case-insensitive), dashes (-) and underscores (_)
     private static final Pattern SERVICE_HOSTNAME_PATTERN = Pattern.compile("^[a-zA-Z0-9-_]+$");
-    private static final List ALLOWED_LOCALHOST_VARIANTS = List.of("localhost");
+    private static final List ALLOWED_LOCALHOST_VARIANTS = List.of(
+        "localhost", "localdomain"
+    );
 
     public static boolean isRequestToServiceHostname(String hostname) {
         if (hostname == null) {
diff --git a/agent_api/src/test/java/vulnerabilities/ssrf/RequestToServiceHostnameCheckerTest.java b/agent_api/src/test/java/vulnerabilities/ssrf/RequestToServiceHostnameCheckerTest.java
@@ -64,6 +64,13 @@ void testAllowedLocalhostVariants() {
         assertFalse(RequestToServiceHostnameChecker.isRequestToServiceHostname("localhost.localdomain"));
         assertFalse(RequestToServiceHostnameChecker.isRequestToServiceHostname("LOCALHOST"));
         assertFalse(RequestToServiceHostnameChecker.isRequestToServiceHostname("LocalHost"));
+
+        assertFalse(RequestToServiceHostnameChecker.isRequestToServiceHostname("Host.docker.Internal"));
+        assertFalse(RequestToServiceHostnameChecker.isRequestToServiceHostname("host.docker.internal"));
+        assertFalse(RequestToServiceHostnameChecker.isRequestToServiceHostname("kubernetes.docker.internal"));
+        assertFalse(RequestToServiceHostnameChecker.isRequestToServiceHostname("KUBERNETES.DOCKER.INTERNAL"));
+
+        assertFalse(RequestToServiceHostnameChecker.isRequestToServiceHostname("localdomain"));
     }
 
     @Test
