Coverage for src / local_deep_research / security / ip_ranges.py: 100%

2 statements  

« prev     ^ index     » next       coverage.py v7.13.4, created at 2026-02-25 01:07 +0000

1""" 

2Shared private/internal IP range constants for security validation. 

3 

4Used by SSRF validation and notification URL validation to avoid 

5duplicating IP range definitions. 

6""" 

7 

8import ipaddress 

9 

10# RFC1918 private networks + loopback + link-local + CGNAT + IPv6 equivalents 

11# nosec B104 - These hardcoded IPs are intentional for security validation 

12PRIVATE_IP_RANGES = [ 

13 ipaddress.ip_network("127.0.0.0/8"), # IPv4 loopback 

14 ipaddress.ip_network("::1/128"), # IPv6 loopback 

15 ipaddress.ip_network("10.0.0.0/8"), # RFC1918 Class A private 

16 ipaddress.ip_network("172.16.0.0/12"), # RFC1918 Class B private 

17 ipaddress.ip_network("192.168.0.0/16"), # RFC1918 Class C private 

18 ipaddress.ip_network( 

19 "100.64.0.0/10" 

20 ), # CGNAT - used by Podman/rootless containers 

21 ipaddress.ip_network("169.254.0.0/16"), # Link-local 

22 ipaddress.ip_network("fe80::/10"), # IPv6 link-local 

23 ipaddress.ip_network("fc00::/7"), # IPv6 unique local 

24 ipaddress.ip_network("0.0.0.0/8"), # "This" network 

25]