Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-1733: Support explicit zero netmask correctly.

This commit is contained in:
Luke Taylor 2011-06-07 12:15:07 +01:00
parent c9b328d8c7
commit 685f12c5a0
2 changed files with 31 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
web/src/main/java/org/springframework/security/web/util/IpAddressMatcher.java
View File

@ -17,7 +17,7 @@ import org.springframework.util.StringUtils;
* @author Luke Taylor * @author Luke Taylor
* @since 3.0.2 * @since 3.0.2
*/ */
public class IpAddressMatcher implements RequestMatcher { public final class IpAddressMatcher implements RequestMatcher {
private final int nMaskBits; private final int nMaskBits;
private final InetAddress requiredAddress; private final InetAddress requiredAddress;
@ -34,19 +34,23 @@ public class IpAddressMatcher implements RequestMatcher {
ipAddress = addressAndMask[0]; ipAddress = addressAndMask[0];
nMaskBits = Integer.parseInt(addressAndMask[1]); nMaskBits = Integer.parseInt(addressAndMask[1]);
} else { } else {
nMaskBits = 0; nMaskBits = -1;
} }
requiredAddress = parseAddress(ipAddress); requiredAddress = parseAddress(ipAddress);
} }
public boolean matches(HttpServletRequest request) { public boolean matches(HttpServletRequest request) {
InetAddress remoteAddress = parseAddress(request.getRemoteAddr()); return matches(request.getRemoteAddr());
}
public boolean matches(String address) {
InetAddress remoteAddress = parseAddress(address);
if (!requiredAddress.getClass().equals(remoteAddress.getClass())) { if (!requiredAddress.getClass().equals(remoteAddress.getClass())) {
return false; return false;
} }
if (nMaskBits == 0) { if (nMaskBits < 0) {
return remoteAddress.equals(requiredAddress); return remoteAddress.equals(requiredAddress);
} }

24
web/src/test/java/org/springframework/security/web/util/IpAddressMatcherTests.java
View File

@ -28,7 +28,6 @@ public class IpAddressMatcherTests {
assertTrue(v6matcher.matches(ipv6Request)); assertTrue(v6matcher.matches(ipv6Request));
} }
@Test @Test
public void ipv6MatcherDoesntMatchIpv4Address() { public void ipv6MatcherDoesntMatchIpv4Address() {
assertFalse(v6matcher.matches(ipv4Request)); assertFalse(v6matcher.matches(ipv4Request));
@ -48,4 +47,27 @@ public class IpAddressMatcherTests {
ipv4Request.setRemoteAddr("192.168.1.159"); // 159 = 0x9f ipv4Request.setRemoteAddr("192.168.1.159"); // 159 = 0x9f
assertTrue(matcher.matches(ipv4Request)); assertTrue(matcher.matches(ipv4Request));
} }
@Test
public void ipv6RangeMatches() throws Exception {
IpAddressMatcher matcher = new IpAddressMatcher("2001:DB8::/48");
assertTrue(matcher.matches("2001:DB8:0:0:0:0:0:0"));
assertTrue(matcher.matches("2001:DB8:0:0:0:0:0:1"));
assertTrue(matcher.matches("2001:DB8:0:FFFF:FFFF:FFFF:FFFF:FFFF"));
assertFalse(matcher.matches("2001:DB8:1:0:0:0:0:0"));
}
// SEC-1733
@Test
public void zeroMaskMatchesAnything() throws Exception {
IpAddressMatcher matcher = new IpAddressMatcher("0.0.0.0/0");
assertTrue(matcher.matches("123.4.5.6"));
assertTrue(matcher.matches("192.168.0.159"));
matcher = new IpAddressMatcher("192.168.0.159/0");
assertTrue(matcher.matches("123.4.5.6"));
assertTrue(matcher.matches("192.168.0.159"));
}
} }