agent/protection/http: fix the client ip of a XFF entry with a port n…

…umber
sqreen · Jun 30, 2020 · 794d6e2 · 794d6e2
1 parent 39877be
commit 794d6e2
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/internal/protection/http/http.go b/internal/protection/http/http.go
@@ -301,6 +301,7 @@ func ClientIP(remoteAddr string, headers http.Header, prioritizedIPHeader string
 	check := func(value string) net.IP {
 		for _, ip := range strings.Split(value, ",") {
 			ipStr := strings.Trim(ip, " ")
+			ipStr, _ = splitHostPort(ipStr)
 			ip := net.ParseIP(ipStr)
 			if ip == nil {
 				return nil
@@ -344,7 +345,8 @@ func ClientIP(remoteAddr string, headers http.Header, prioritizedIPHeader string
 			return ip
 		}
 	}
-	remoteIPStr, _ := splitHostPort(remoteAddr) // FIXME: replace by net.SplitHostPort?
+
+	remoteIPStr, _ := splitHostPort(remoteAddr)
 	if remoteIPStr == "" {
 		if privateIP != nil {
 			return privateIP

diff --git a/internal/protection/http/http_test.go b/internal/protection/http/http_test.go
@@ -277,6 +277,14 @@ func TestGetClientIP(t *testing.T) {
 					"X-Forwarded-For": RandPrivateIPv4().String() + "," + RandPrivateIPv4().String() + "," + globalIP.String() + "," + RandPrivateIPv4().String(),
 				},
 			},
+
+			{
+				expected:   "152.23.231.25",
+				remoteAddr: "127.0.0.1",
+				extraHeaders: map[string]string{
+					"X-Forwarded-For": "127.0.0.1, 152.23.231.25:98746, 10.1.2.3, 152.23.231.29, 8.8.8.8",
+				},
+			},
 		} {
 			tc := tc
 			t.Run(tc.expected, func(t *testing.T) {