From 37ab63daee7526fcac37749822ee0747274c9632 Mon Sep 17 00:00:00 2001
From: yannaingtun
Date: Wed, 19 Mar 2025 01:08:05 +0800
Subject: [PATCH] Fix: Add IP validation in MachineRegistryController for security
---
 .../dashboard/controller/MachineRegistryController.java | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/4-Finchley/alibaba-sentinel-dashboard-nacos/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/MachineRegistryController.java b/4-Finchley/alibaba-sentinel-dashboard-nacos/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/MachineRegistryController.java
index f2e7fe2a..4a491868 100755
--- a/4-Finchley/alibaba-sentinel-dashboard-nacos/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/MachineRegistryController.java
+++ b/4-Finchley/alibaba-sentinel-dashboard-nacos/src/main/java/com/alibaba/csp/sentinel/dashboard/controller/MachineRegistryController.java
@@ -28,6 +28,7 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
+import java.net.IPAddressUtil;
 @Controller
 @RequestMapping(value = "/registry", produces = MediaType.APPLICATION_JSON_VALUE)
@@ -47,6 +48,10 @@ public Result receiveHeartBeat(String app, Long version, String v, String hos
 if (ip == null) {
 return Result.ofFail(-1, "ip can't be null");
 }
+ // Add IP validation to prevent malicious input
+ if (!IPAddressUtil.isIPv4LiteralAddress(ip) && !IPAddressUtil.isIPv6LiteralAddress(ip)) {
+ return Result.ofFail(-1, "invalid ip format: " + ip);
+ }
 if (port == null) {
 return Result.ofFail(-1, "port can't be null");
 }
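Review bot: The added `import java.net.IPAddressUtil;` names a class that, as far as I know, the JDK does not provide in `java.net`; the helper exposing `isIPv4LiteralAddress` and `isIPv6LiteralAddress` is the internal `sun.net.util.IPAddressUtil`, so this import would likely fail to compile. Switching to the `sun.*` class would tie the controller to a JDK-internal API that is not exported to application code on modular JDKs. A small validation helper owned by the project, or one from a library already on the dashboard's classpath, would be a more stable dependency for a security check.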
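Review bot: The new guard in `receiveHeartBeat` only checks that `ip` is a syntactically valid IPv4 or IPv6 literal, so loopback, link-local and other internal addresses still pass. If the dashboard later opens connections to registered machines (not visible in this hunk), the format check alone does not constrain where those requests go, and an allowlist of expected client networks after the format check would be needed. The failure message also echoes the rejected value; a fixed string such as `return Result.ofFail(-1, "invalid ip format");` with the value logged server-side at a bounded length avoids reflecting arbitrary request data. The method body starts and ends outside the hunk, so the handling of the other parameters could not be reviewed.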