Allow $private HTTP rule to block any private IP

This is a little magic compared with our previous approach of "list every private IP range", but given then the sheer number we were missing[1][2] this feels more reasonable. Also refactor out some of the logic into separate classes, hopefully to make things a little cleaner. Fixes #594. [1]: https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml [2]: https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
2025-11-20 07:05:14 +00:00 · 2020-12-05 11:32:00 +00:00
parent 24d3777722
commit d83a68f3ff
7 changed files with 209 additions and 144 deletions
--- a/src/test/java/dan200/computercraft/core/apis/http/options/AddressRuleTest.java
+++ b/src/test/java/dan200/computercraft/core/apis/http/options/AddressRuleTest.java
@@ -6,7 +6,10 @@

 package dan200.computercraft.core.apis.http.options;

+import dan200.computercraft.ComputerCraft;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;

 import java.net.InetSocketAddress;
 import java.util.Collections;
@@ -27,6 +30,17 @@ public class AddressRuleTest
        assertEquals( apply( rules, "localhost", 8081 ).action, Action.DENY );
    }

+    @ParameterizedTest
+    @ValueSource( strings = {
+        "0.0.0.0", "[::]",
+        "localhost", "lvh.me", "127.0.0.1", "[::1]",
+        "172.17.0.1", "192.168.1.114", "[0:0:0:0:0:ffff:c0a8:172]", "10.0.0.1"
+    } )
+    public void blocksLocalDomains( String domain )
+    {
+        assertEquals( apply( ComputerCraft.httpRules, domain, 80 ).action, Action.DENY );
+    }
+
    private Options apply( Iterable<AddressRule> rules, String host, int port )
    {
        return AddressRule.apply( rules, host, new InetSocketAddress( host, port ) );