Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Sentry::Utils::RealIP not filtering trusted proxies when part of IP subnet passed as IPAddr to trusted_proxies. #1498

Merged
merged 1 commit into from
Jul 8, 2021
Merged

Fix Sentry::Utils::RealIP not filtering trusted proxies when part of IP subnet passed as IPAddr to trusted_proxies. #1498

merged 1 commit into from
Jul 8, 2021

Conversation

vojtad
Copy link
Contributor

@vojtad vojtad commented Jul 7, 2021

Filtering trusted proxies based on list of IP subnets passed as instances of IPAddr got broken in #1288.

When calling IPAddr#to_s resulting string doesn't contain the IP mask. Therefore when creating IPAddr again from this string IP mask is lost and filtering trusted proxies is broken.

I changed Sentry::Utils::RealIP to only call .to_s when trusted proxy entry is not an instance of IPAddr. This keeps complete information about defined IP subnet as trusted proxy and makes filtering work as expected.

I've also added a test for this case.

This PR also fixes Sentry::Utils::RealIP with proxies loaded from Rails' config.action_dispatch.trusted_proxies because they are stored as instances of IPAddr.

@vojtad
Fix Sentry::Utils::RealIP not filtering trusted proxies when part o…
b0ed47c 
…f IP subnet passed as `IPAddr` to `trusted_proxies`.

Also fixes `Sentry::Utils::RealIP` with proxies loaded from Rails' `config.action_dispatch.trusted_proxies` because they are stored as instances of `IPAddr`.
@codecov-commenter
Copy link

codecov-commenter commented Jul 8, 2021
edited
Loading

Codecov Report

Merging #1498 (f8c85f0) into master (7b9f8fc) will increase coverage by 0.56%.
The diff coverage is 100.00%.

❗ Current head f8c85f0 differs from pull request most recent head b0ed47c. Consider uploading reports for the commit b0ed47c to get more accurate results
Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1498      +/-   ##
==========================================
+ Coverage   98.21%   98.78%   +0.56%     
==========================================
  Files         218      123      -95     
  Lines       10553     6723    -3830     
==========================================
- Hits        10365     6641    -3724     
+ Misses        188       82     -106
Impacted Files Coverage Δ
sentry-ruby/lib/sentry/utils/real_ip.rb 100.00% <100.00%> (ø)
sentry-ruby/spec/sentry/utils/real_ip_spec.rb 100.00% <100.00%> (ø)
sentry-rails/lib/sentry/rails/railtie.rb 100.00% <0.00%> (ø)
...ven/lib/raven/breadcrumbs/active_support_logger.rb
sentry-raven/lib/raven/interfaces/message.rb
...try-raven/lib/sentry-raven-without-integrations.rb
...raven/integrations/rails/controller_transaction.rb
...b/raven/integrations/sidekiq/cleanup_middleware.rb
sentry-raven/lib/raven/processor/cookies.rb
sentry-raven/lib/raven/base.rb
... and 88 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7b9f8fc...b0ed47c. Read the comment docs.

@st0012 st0012 added this to the 4.7.0 milestone Jul 8, 2021
st0012
st0012 approved these changes Jul 8, 2021
View reviewed changes
Copy link
Collaborator

@st0012 st0012 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you for the fix 👍

@st0012 st0012 merged commit 4d7d9ac into getsentry:master Jul 8, 2021
@st0012 st0012 modified the milestones: 4.7.0, 4.6.1 Jul 8, 2021
@vojtad vojtad deleted the fix-real-ip branch July 8, 2021 08:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@st0012 st0012 st0012 approved these changes

Assignees
No one assigned
Labels
sentry-rails
Projects
None yet
Milestone
4.6.1
Development

Successfully merging this pull request may close these issues.
3 participants
@vojtad @codecov-commenter @st0012