Fix Sentry::Utils::RealIP
not filtering trusted proxies when part of IP subnet passed as IPAddr
to trusted_proxies
.
#1498
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Filtering trusted proxies based on list of IP subnets passed as instances of
IPAddr
got broken in #1288.When calling
IPAddr#to_s
resulting string doesn't contain the IP mask. Therefore when creatingIPAddr
again from this string IP mask is lost and filtering trusted proxies is broken.I changed
Sentry::Utils::RealIP
to only call.to_s
when trusted proxy entry is not an instance ofIPAddr
. This keeps complete information about defined IP subnet as trusted proxy and makes filtering work as expected.I've also added a test for this case.
This PR also fixes
Sentry::Utils::RealIP
with proxies loaded from Rails'config.action_dispatch.trusted_proxies
because they are stored as instances ofIPAddr
.