Add option to disable unsafe IP protection

[joao-esteves]

Use Case

I want to add a unit test in a project to catch the exception caused by #56. In it, I'm forced to make a remote request because ssrf_filter doesn't allow local IPs when caling SsrfFilter.get('http://api.localhost/X.json').

I am unsure of the utility of this, due to my lack of knowledge in the gem, thus I opened this issue for discussion. Note that my test does catch the exception with a local request when I manually disable the protection inside the gem.

Relevant Code

The protection is at lib/ssrf_filter/ssrf_filter.rb:129:

public_addresses = ip_addresses.reject(&method(:unsafe_ip_address?))

The option would disable this reject.

[rajyan]

IMHO skipping IP protection should be handled in the user side of the ssrf_filter.

doesn't allow local IPs when caling

is exactly what ssrf_filter needs to do.

If you are using carrierwave, you can skip the ip protection by overriding skip_ssrf_protection in tests
https://github.com/carrierwaveuploader/carrierwave/blob/a0c093f6c4c381e0e59d6014e207d5c4a0688081/lib/carrierwave/downloader/base.rb#L93-L95

[arkadiyt]

Sorry on the long delay here - closing as per the recommendation above :)