From 8aa92564b6c505cfba58b167b6a5706fcbe4d748 Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Thu, 5 Sep 2024 14:31:34 +0000
Subject: [PATCH] mobb fix commit: 1258fb0e-2846-4003-a140-b110b75e5506
---
 src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java
index 35f9491f77..2eb48e88d4 100644
--- a/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java
+++ b/src/main/java/org/owasp/webgoat/lessons/ssrf/SSRFTask2.java
@@ -48,6 +48,9 @@ public AttackResult completed(@RequestParam String url) {
 protected AttackResult furBall(String url) {
 if (url.matches("http://ifconfig\\.pro")) {
 String html;
+ if (!(url).toString().startsWith("https://webgoat.com/") && !(url).toString().startsWith("https://test.com/") && !(url).toString().startsWith("https://testing.test3.com/")) {
+ throw new RuntimeException("Potential SSRF attempt");
+ }
 try (InputStream in = new URL(url).openStream()) {
 html = new String(in.readAllBytes(), StandardCharsets.UTF_8)