Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-27 14:22:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add validation IpAddressMatcher

Browse Source 
Closes gh-13621
This commit is contained in:
Federico Herrera 2024-01-24 23:08:05 -03:00 committed by Josh Cummings
parent d7599ab192
commit c1adeef0da
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
web/src/main/java/org/springframework/security/web/util/matcher/IpAddressMatcher.java
View File

@ -47,6 +47,7 @@ public final class IpAddressMatcher implements RequestMatcher {
* come. * come.
*/ */
public IpAddressMatcher(String ipAddress) { public IpAddressMatcher(String ipAddress) {
assertStartsWithHexa(ipAddress);
if (ipAddress.indexOf('/') > 0) { if (ipAddress.indexOf('/') > 0) {
String[] addressAndMask = StringUtils.split(ipAddress, "/"); String[] addressAndMask = StringUtils.split(ipAddress, "/");
ipAddress = addressAndMask[0]; ipAddress = addressAndMask[0];
@ -67,6 +68,7 @@ public final class IpAddressMatcher implements RequestMatcher {
} }
public boolean matches(String address) { public boolean matches(String address) {
assertStartsWithHexa(address);
InetAddress remoteAddress = parseAddress(address); InetAddress remoteAddress = parseAddress(address);
if (!this.requiredAddress.getClass().equals(remoteAddress.getClass())) { if (!this.requiredAddress.getClass().equals(remoteAddress.getClass())) {
return false; return false;
@ -89,6 +91,13 @@ public final class IpAddressMatcher implements RequestMatcher {
return true; return true;
} }
private void assertStartsWithHexa(String ipAddress) {
Assert.isTrue(
ipAddress.charAt(0) == '[' || ipAddress.charAt(0) == ':'
|| Character.digit(ipAddress.charAt(0), 16) != -1,
"ipAddress must start with a [, :, or a hexadecimal digit");
}
private InetAddress parseAddress(String address) { private InetAddress parseAddress(String address) {
try { try {
return InetAddress.getByName(address); return InetAddress.getByName(address);

6
web/src/test/java/org/springframework/security/web/util/matcher/IpAddressMatcherTests.java
View File

@ -105,4 +105,10 @@ public class IpAddressMatcherTests {
"fe80::21f:5bff:fe33:bd68", 129)); "fe80::21f:5bff:fe33:bd68", 129));
} }
@Test
public void invalidAddressThenIllegalArgumentException() {
assertThatIllegalArgumentException().isThrownBy(() -> new IpAddressMatcher("invalid-ip"))
.withMessage("ipAddress must start with a [, :, or a hexadecimal digit");
}
} }