Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Detect weird local ips #34160

Merged
merged 7 commits into from
Sep 22, 2022
Merged

Detect weird local ips #34160

merged 7 commits into from
Sep 22, 2022

Conversation

come-nc
Copy link
Contributor

@come-nc come-nc commented Sep 20, 2022
edited
Loading

Use new dependency to detect weird syntaxes

@come-nc
Harden tests for local IP detection in URLs
c083f77 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
@come-nc
Add missing urldecode and idn_to_utf8 calls to local address checker
a907b74 
The call to idn_to_utf8 call is actually to apply normalization

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
@come-nc
Add mlocati/ip-lib dependency
6b876bb 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
@come-nc
Use new dependency to normalize IPs
7ac688a 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
@come-nc
Fix tests for nested v4 in v6
31117fa 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
@come-nc come-nc added the 3. to review Waiting for reviews label Sep 20, 2022
@come-nc come-nc added this to the Nextcloud 25 milestone Sep 20, 2022
@come-nc come-nc self-assigned this Sep 20, 2022
@come-nc come-nc requested review from ChristophWurst, a team, icewind1991, blizzz, skjnldsv and nickvergessen and removed request for a team September 20, 2022 10:48
@kesselb
Copy link
Contributor

kesselb commented Sep 20, 2022

Thanks for taking care 👍

In theory we can drop the iputils (symfony http-foundation) again and only use the ip-lib package: https://github.com/mlocati/ip-lib#check-if-an-address-is-contained-in-a-range

This could also help with #33567

@blizzz blizzz mentioned this pull request Sep 20, 2022
Closed
@come-nc
Copy link
Contributor Author

come-nc commented Sep 20, 2022

Thanks for taking care +1

In theory we can drop the iputils (symfony http-foundation) again and only use the ip-lib package: https://github.com/mlocati/ip-lib#check-if-an-address-is-contained-in-a-range

This could also help with #33567

Hum but I trust the range detection in symfony more, especially it correctly tests ipv6 in ipv4 ranges, which ip-lib does not.
But as our code translates the IP to v4 if it maps, maybe it is not a problem.

@kesselb
Copy link
Contributor

kesselb commented Sep 20, 2022

Thanks for taking care +1
In theory we can drop the iputils (symfony http-foundation) again and only use the ip-lib package: https://github.com/mlocati/ip-lib#check-if-an-address-is-contained-in-a-range
This could also help with #33567

Hum but I trust the range detection in symfony more, especially it correctly tests ipv6 in ipv4 ranges, which ip-lib does not. But as our code translates the IP to v4 if it maps, maybe it is not a problem.

Good point 👍

@come-nc
Copy link
Contributor Author

come-nc commented Sep 20, 2022

@kesselb I can make a PR to use ip-lib instead of iputils but I’d like to do so in a separate PR once this one is merged.

@nickvergessen
Copy link
Member

3rdparty merged

@kesselb
Copy link
Contributor

kesselb commented Sep 20, 2022

@kesselb I can make a PR to use ip-lib instead of iputils but I’d like to do so in a separate PR once this one is merged.

Sorry I was just thinking loud. The current way is fine and we can combine both libraries.

@come-nc
Update 3rdparty to master
b3b98a3 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
@come-nc
Copy link
Contributor Author

come-nc commented Sep 20, 2022

/backport to stable24

@come-nc
Copy link
Contributor Author

come-nc commented Sep 20, 2022

/backport to stable23

@nickvergessen
Copy link
Member

/backport to stable22

@come-nc
Fix idn_to_utf8 stub signature
7532859 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
@blizzz blizzz mentioned this pull request Sep 22, 2022
Merged
2 tasks
@PVince81
Copy link
Member

/backport to stable25

PVince81
PVince81 approved these changes Sep 22, 2022
View reviewed changes
Copy link
Member

@PVince81 PVince81 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@PVince81 PVince81 merged commit 2f15e83 into master Sep 22, 2022
@PVince81 PVince81 deleted the fix/detect-weird-local-ips branch September 22, 2022 09:38
@blizzz blizzz modified the milestones: Nextcloud 25, Nextcloud 26 Sep 22, 2022
@blizzz
Copy link
Member

blizzz commented Sep 22, 2022

/backport to stable25

@come-nc come-nc mentioned this pull request Sep 22, 2022
Merged
This was referenced Nov 14, 2022
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PVince81 PVince81 PVince81 approved these changes

@nickvergessen nickvergessen nickvergessen approved these changes

@ChristophWurst ChristophWurst Awaiting requested review from ChristophWurst

@icewind1991 icewind1991 Awaiting requested review from icewind1991

@blizzz blizzz Awaiting requested review from blizzz

@skjnldsv skjnldsv Awaiting requested review from skjnldsv

@CarlSchwan CarlSchwan Awaiting requested review from CarlSchwan

Assignees

@come-nc come-nc

Labels
3. to review Waiting for reviews
Projects
None yet
Milestone
Nextcloud 26
Development

Successfully merging this pull request may close these issues.
5 participants
@come-nc @kesselb @nickvergessen @PVince81 @blizzz