Selaa lähdekoodia
Merge pull request #33031 from nextcloud/fix/improve-local-ip-detection
Improve local IP detectiontags/v25.0.0beta1
Côme Chilliet
1 vuosi sitten
2 muutettua tiedostoa jossa 19 lisäystä ja 2 poistoa
+ 14
- 2
lib/private/Http/Client/LocalAddressChecker.php
Näytä tiedosto
| @@ -27,6 +27,7 @@ namespace OC\Http\Client; | |||
| use OCP\Http\Client\LocalServerException; | |||
| use Psr\Log\LoggerInterface; | |||
| use Symfony\Component\HttpFoundation\IpUtils; | |||
| class LocalAddressChecker { | |||
| private LoggerInterface $logger; | |||
| @@ -36,7 +37,16 @@ class LocalAddressChecker { | |||
| } | |||
| public function ThrowIfLocalIp(string $ip) : void { | |||
| if ((bool)filter_var($ip, FILTER_VALIDATE_IP) && !filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) { | |||
| $localRanges = [ | |||
| '100.64.0.0/10', // See RFC 6598 | |||
| '192.0.0.0/24', // See RFC 6890 | |||
| ]; | |||
| if ( | |||
| (bool)filter_var($ip, FILTER_VALIDATE_IP) && | |||
| ( | |||
| !filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) || | |||
| IpUtils::checkIp($ip, $localRanges) | |||
| )) { | |||
| $this->logger->warning("Host $ip was not connected to because it violates local access rules"); | |||
| throw new LocalServerException('Host violates local access rules'); | |||
| } | |||
| @@ -46,7 +56,9 @@ class LocalAddressChecker { | |||
| $delimiter = strrpos($ip, ':'); // Get last colon | |||
| $ipv4Address = substr($ip, $delimiter + 1); | |||
| if (!filter_var($ipv4Address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) { | |||
| if ( | |||
| !filter_var($ipv4Address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) || | |||
| IpUtils::checkIp($ip, $localRanges)) { | |||
| $this->logger->warning("Host $ip was not connected to because it violates local access rules"); | |||
| throw new LocalServerException('Host violates local access rules'); | |||
| } | |||
+ 5
- 0
tests/lib/Http/Client/LocalAddressCheckerTest.php
Näytä tiedosto
| @@ -96,6 +96,8 @@ class LocalAddressCheckerTest extends \Test\TestCase { | |||
| ['10.0.0.1'], | |||
| ['::'], | |||
| ['::1'], | |||
| ['100.100.100.200'], | |||
| ['192.0.0.1'], | |||
| ]; | |||
| } | |||
| @@ -116,6 +118,9 @@ class LocalAddressCheckerTest extends \Test\TestCase { | |||
| ['another-host.local'], | |||
| ['service.localhost'], | |||
| ['!@#$'], // test invalid url | |||
| ['100.100.100.200'], | |||
| ['192.0.0.1'], | |||
| ['randomdomain.internal'], | |||
| ]; | |||
| } | |||
Loading…