diff --git a/packages/backend/package.json b/packages/backend/package.json index c5b6278b69f7..4acb70922ba7 100644 --- a/packages/backend/package.json +++ b/packages/backend/package.json @@ -99,7 +99,7 @@ "happy-dom": "9.20.3", "hpagent": "1.2.0", "ioredis": "5.3.2", - "ip-cidr": "3.1.0", + "ipaddr.js": "2.1.0", "is-svg": "4.3.2", "js-yaml": "4.1.0", "jsdom": "22.1.0", @@ -120,7 +120,6 @@ "otpauth": "9.1.2", "parse5": "7.1.2", "pg": "8.11.0", - "private-ip": "3.0.0", "probe-image-size": "7.2.3", "promise-limit": "2.7.0", "pug": "3.0.2", diff --git a/packages/backend/src/core/DownloadService.ts b/packages/backend/src/core/DownloadService.ts index bd535c603270..09039a8b577b 100644 --- a/packages/backend/src/core/DownloadService.ts +++ b/packages/backend/src/core/DownloadService.ts @@ -2,8 +2,7 @@ import * as fs from 'node:fs'; import * as stream from 'node:stream'; import * as util from 'node:util'; import { Inject, Injectable } from '@nestjs/common'; -import IPCIDR from 'ip-cidr'; -import PrivateIp from 'private-ip'; +import ipaddr from 'ipaddr.js'; import chalk from 'chalk'; import got, * as Got from 'got'; import { parse } from 'content-disposition'; @@ -123,15 +122,15 @@ export class DownloadService { public async downloadTextFile(url: string): Promise { // Create temp file const [path, cleanup] = await createTemp(); - + this.logger.info(`text file: Temp file is ${path}`); - + try { // write content at URL to temp file await this.downloadUrl(url, path); - + const text = await util.promisify(fs.readFile)(path, 'utf8'); - + return text; } finally { cleanup(); @@ -140,13 +139,14 @@ export class DownloadService { @bindThis private isPrivateIp(ip: string): boolean { + const parsedIp = ipaddr.parse(ip); + for (const net of this.config.allowedPrivateNetworks ?? []) { - const cidr = new IPCIDR(net); - if (cidr.contains(ip)) { + if (parsedIp.match(ipaddr.parseCIDR(net))) { return false; } } - return PrivateIp(ip) ?? false; + return parsedIp.range() !== 'unicast'; } } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 2259cb2a2742..d2200ef00827 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -212,9 +212,9 @@ importers: ioredis: specifier: 5.3.2 version: 5.3.2 - ip-cidr: - specifier: 3.1.0 - version: 3.1.0 + ipaddr.js: + specifier: 2.1.0 + version: 2.1.0 is-svg: specifier: 4.3.2 version: 4.3.2 @@ -275,9 +275,6 @@ importers: pg: specifier: 8.11.0 version: 8.11.0 - private-ip: - specifier: 3.0.0 - version: 3.0.0 probe-image-size: specifier: 7.2.3 version: 7.2.3 @@ -4387,10 +4384,6 @@ packages: resolution: {integrity: sha512-BxOqI5LgsIQP1odU5KMwV9yoijleOPzHL18/YvNqF9KFSGF2K/DLlYAbDQsWqd/1nbaFuSkYD/191dpMtNh4vw==} dev: false - /@chainsafe/is-ip@2.0.1: - resolution: {integrity: sha512-nqSJ8u2a1Rv9FYbyI8qpDhTYujaKEyLknNrTejLYoSWmdeg+2WB7R6BZqPZYfrJzDxVi3rl6ZQuoaEvpKRZWgQ==} - dev: false - /@colors/colors@1.5.0: resolution: {integrity: sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==} engines: {node: '>=0.1.90'} @@ -13519,31 +13512,10 @@ packages: resolution: {integrity: sha512-pZ2xT+LOHckCatGQ3DcG/a+QuEqvoxqkiL7tvE8nn3uuu+f6i1TtpB5/FtWFbxUuVr5PZCx8KskuGatbJDXOWA==} dev: false - /ip-address@7.1.0: - resolution: {integrity: sha512-V9pWC/VJf2lsXqP7IWJ+pe3P1/HCYGBMZrrnT62niLGjAfCbeiwXMUxaeHvnVlz19O27pvXP4azs+Pj/A0x+SQ==} - engines: {node: '>= 10'} - dependencies: - jsbn: 1.1.0 - sprintf-js: 1.1.2 - dev: false - - /ip-cidr@3.1.0: - resolution: {integrity: sha512-HUCn4snshEX1P8cja/IyU3qk8FVDW8T5zZcegDFbu4w7NojmAhk5NcOgj3M8+0fmumo1afJTPDtJlzsxLdOjtg==} - engines: {node: '>=10.0.0'} - dependencies: - ip-address: 7.1.0 - jsbn: 1.1.0 - dev: false - /ip-regex@4.3.0: resolution: {integrity: sha512-B9ZWJxHHOHUhUjCPrMpLD4xEq35bUTClHM1S6CBU5ixQnkZmwipwgc96vAd7AAGM9TGHvJR+Uss+/Ak6UphK+Q==} engines: {node: '>=8'} - /ip-regex@5.0.0: - resolution: {integrity: sha512-fOCG6lhoKKakwv+C6KdsOnGvgXnmgfmp0myi3bcNwj3qfwPAxRKWEuFhvEFF7ceYIz6+1jRZ+yguLFAmUNPEfw==} - engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0} - dev: false - /ip@2.0.0: resolution: {integrity: sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ==} @@ -13551,8 +13523,8 @@ packages: resolution: {integrity: sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==} engines: {node: '>= 0.10'} - /ipaddr.js@2.0.1: - resolution: {integrity: sha512-1qTgH9NG+IIJ4yfKs2e6Pp1bZg8wbDbKHT21HrLIeYBTRLgMYKnMTPAuI3Lcs61nfx5h1xlXnbJtH1kX5/d/ng==} + /ipaddr.js@2.1.0: + resolution: {integrity: sha512-LlbxQ7xKzfBusov6UMi4MFpEg0m+mAm9xyNGEduwXMEDuf4WfzB/RZwMVYEd7IKGvh4IUkEXYxtAVu9T3OelJQ==} engines: {node: '>= 10'} /irregular-plurals@3.5.0: @@ -14660,10 +14632,6 @@ packages: /jsbn@0.1.1: resolution: {integrity: sha512-UVU9dibq2JcFWxQPA6KCqj5O42VOmAY3zQUfEKxU0KpTGXwNoCjkX1e13eHNvw/xPynt6pU0rZ1htjWTNTSXsg==} - /jsbn@1.1.0: - resolution: {integrity: sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A==} - dev: false - /jschardet@3.0.0: resolution: {integrity: sha512-lJH6tJ77V8Nzd5QWRkFYCLc13a3vADkh3r/Fi8HupZGWk2OVVDfnZP8V/VgQgZ+lzW0kG2UGb5hFgt3V3ndotQ==} engines: {node: '>=0.1.90'} @@ -17315,20 +17283,10 @@ packages: resolution: {integrity: sha512-5zyFfekIVUOTVbL92hc8LJOtE/gyGHeREHkJ2yTyByP8Q2YZVoBqLg3EfYLeF0oVvGqtaEX2t2Qovja0/gStXw==} dependencies: ip-regex: 4.3.0 - ipaddr.js: 2.0.1 + ipaddr.js: 2.1.0 is-ip: 3.1.0 netmask: 2.0.2 - /private-ip@3.0.0: - resolution: {integrity: sha512-HkMBs4nMtrP+cvcw0bDi2BAZIGgiKI4Zq8Oc+dMqNBpHS8iGL4+WO/pRtc8Bwnv9rjnV0QwMDwEBymFtqv7Kww==} - engines: {node: '>=14.16'} - dependencies: - '@chainsafe/is-ip': 2.0.1 - ip-regex: 5.0.0 - ipaddr.js: 2.0.1 - netmask: 2.0.2 - dev: false - /probe-image-size@7.2.3: resolution: {integrity: sha512-HubhG4Rb2UH8YtV4ba0Vp5bQ7L78RTONYu/ujmCu5nBI8wGv24s4E9xSKBi0N1MowRpxk76pFCpJtW0KPzOK0w==} dependencies: @@ -19025,10 +18983,6 @@ packages: /sprintf-js@1.0.3: resolution: {integrity: sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==} - /sprintf-js@1.1.2: - resolution: {integrity: sha512-VE0SOVEHCk7Qc8ulkWw3ntAzXuqf7S2lvwQaDLRnUeIEaKNQJzV6BwmLKhOqT61aGhfUMrXeaBk+oDGCzvhcug==} - dev: false - /sshpk@1.17.0: resolution: {integrity: sha512-/9HIEs1ZXGhSPE8X6Ccm7Nam1z8KcoCqPdI7ecm1N33EzAetWahvQWVqLZtaZQ+IDKX4IyA2o0gBzqIMkAagHQ==} engines: {node: '>=0.10.0'}