fix(security): reject private and loopback IPs in Telegram DoH fallback (#4129)

Co-authored-by: Maymun <139681654+maymuneth@users.noreply.github.com>
2026-03-30 18:53:24 -07:00
parent 1e59d4813c
commit cdb64a869a
1 changed files with 3 additions and 0 deletions
--- a/gateway/platforms/telegram_network.py
+++ b/gateway/platforms/telegram_network.py
@@ -135,6 +135,9 @@ def _normalize_fallback_ips(values: Iterable[str]) -> list[str]:
        if addr.version != 4:
            logger.warning("Ignoring non-IPv4 Telegram fallback IP: %s", raw)
            continue
+        if addr.is_private or addr.is_loopback or addr.is_link_local or addr.is_unspecified:
+            logger.warning("Ignoring private/internal Telegram fallback IP: %s", raw)
+            continue
        normalized.append(str(addr))
    return normalized