The trust class of a host or resolved address.
How a fetch treats internal targets.
Canonicalize a bare all-numeric IPv4 authority host into four octets using inet_aton rules so that alternate encodings cannot slip past the SSRF guard. Accepts 1-4 parts where each part may be decimal, octal (0-prefix) or hex (0x-prefix); a short form lets the final part absorb the remaining low bytes (1 part = 32 bits, 2 parts = a.(24 bits), 3 parts = a.b.(16 bits)). Returns true and fills outOct only when the whole host is such a literal; returns false for any host that is not a pure numeric IPv4 literal (e.g. a registered hostname), which the caller treats as "not an IP literal". @safe pure nothrow @nogc.
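The inet_aton rules described above, as an added C sketch; it is not the module's own D code. The names `canon_ipv4`, `parse_part` and `digit_val` are hypothetical, and rejecting malformed parts such as `08` or an empty part is an assumption of this sketch.

```c
#include <stdbool.h>
#include <stdint.h>

/* Value of one digit character, or -1 if it is not a hex digit. */
static int digit_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                                   /* fold ASCII case */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Parse one part: hex (0x prefix), octal (leading 0) or decimal. Fails on no
   digits, a digit invalid for the base, or a value wider than 32 bits. */
static bool parse_part(const char **p, uint64_t *val)
{
    const char *s = *p;
    int base = 10, d, ndigits = 0;
    if (s[0] == '0' && (s[1] == 'x' || s[1] == 'X')) { base = 16; s += 2; }
    else if (s[0] == '0' && digit_val(s[1]) >= 0)    { base = 8;  s += 1; }
    for (*val = 0; (d = digit_val(*s)) >= 0; s++, ndigits++)
        if (d >= base || (*val = *val * (uint64_t)base + (uint64_t)d) > 0xFFFFFFFFu)
            return false;
    *p = s;
    return ndigits > 0;
}

/* Hypothetical stand-in for the canonicalizer: true and four octets only when
   the whole host is a numeric IPv4 literal, false for anything else. */
bool canon_ipv4(const char *host, uint8_t out[4])
{
    uint64_t part[4];
    int n = 0;
    for (const char *p = host;; p++) {
        if (n == 4 || !parse_part(&p, &part[n++])) return false;
        if (*p == '\0') break;
        if (*p != '.') return false;             /* e.g. a registered hostname */
    }
    uint64_t addr = part[n - 1];                 /* last part fills the low bytes */
    if (addr >> (8 * (5 - n))) return false;     /* must fit 32, 24, 16 or 8 bits */
    for (int i = 0; i < n - 1; i++) {            /* leading parts: one octet each */
        if (part[i] > 0xFF) return false;
        addr |= part[i] << (24 - 8 * i);
    }
    for (int i = 0; i < 4; i++) out[i] = (uint8_t)(addr >> (24 - 8 * i));
    return true;
}
```

With this sketch, `127.0.0.1`, `2130706433`, `0x7f.1`, `0177.0.0x1` and `017700000001` all canonicalize to the octets 127, 0, 0, 1, while `example.com` returns false and is left to the hostname path.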
Classify host (an authority host, optionally bracketed and/or with a :port suffix) and produce the numeric address to pin the connection to in pinnedIp. This is the SINGLE address classifier all SSRF decisions flow through:
Classify host WITHOUT performing DNS resolution: IP literals (every numeric IPv4 encoding and IPv6 incl. embedded-IPv4/ULA/link-local/loopback) and the explicit loopback names (localhost) are classified directly; any registered hostname is treated as public_ (a lexical pre-filter cannot know what it resolves to — the resolve-and-pin connector makes the authoritative call). @safe pure nothrow @nogc.
Vet a host (authority host, optionally bracketed / with a :port suffix) against policy for a raw-TCP connect, returning the address to connect to and the SNI/Host name to present. tls records whether the connection uses TLS; the http-vs-loopback scheme restriction itself is enforced by the caller's scheme gate (secureRequestHTTP), not here.
SSRF-safe HTTP fetch. Parses url with vibe's URL — the exact parser the connector uses — so the host vetted is the host connected to (no parser differential). The host is classified ONCE via classifyHost; under policy an internal target is rejected (blockInternal, dev-loopback-over-http excepted) or pinned-but-permitted (allowUserConfigured). The request URL's host is rewritten to the vetted numeric IP and the connection pinned to it, while the original hostname is preserved for the Host header and TLS SNI (no TOCTOU re-resolution).
The result of vetting an endpoint for a raw-TCP connect: the numeric address to connectTCP to (pinnedIp, port stripped), the original host to use for the Host header and TLS SNI (sniHost), and whether the endpoint passed the policy (ok).