From 33e03f66917094739939f6dbf0043e5f70580369 Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Thu, 5 Sep 2024 14:29:52 +0000
Subject: [PATCH] mobb fix commit: 1258fb0e-2846-4003-a140-b110b75e5506
---
 src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java
index 35f9491f77..8717f34964 100644
--- a/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java
+++ b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java
@@ -48,6 +48,9 @@ public AttackResult completed(@RequestParam String url) {
 protected AttackResult furBall(String url) {
 if (url.matches("http://ifconfig\\.pro")) {
 String html;
+ if (!(url).toString().startsWith("https://webgoat.com/") && !(url).toString().startsWith("https://test.com/") && !(url).toString().startsWith("https://testing.test.com/")) {
+ throw new RuntimeException("Potential SSRF attempt");
+ }
 try (InputStream in = new URL(url).openStream()) {
 html = new String(in.readAllBytes(), StandardCharsets.UTF_8)