Merge pull request #115 from wikimedia/bug/T247770

Fix local IP address detection
wikimedia · Jun 15, 2020 · e786545 · e786545
2 parents 9725998 + 434ab49
commit e786545
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 2 deletions.
diff --git a/lib/regex.js b/lib/regex.js
@@ -0,0 +1,12 @@
+'use strict';
+
+/**
+ * Regular expression to classify if a valid IPv4 or IPv6 address is local.
+ * Note: does not validate that the string is a valid IPv4 or IPv6 address.
+ * Note: assumes the local IP address uses the private class A address range.
+ */
+const LOCAL_IP = /^::1$|^(?:::ffff:)?(?:10|127)\./;
+
+module.exports = {
+    LOCAL_IP
+};
diff --git a/lib/server.js b/lib/server.js
@@ -20,6 +20,7 @@ const URI = require('swagger-router').URI;
 
 const exporting = require('./exports');
 const HyperSwitch = require('./hyperswitch');
+const Regex = require('./regex');
 const Router = require('./router');
 const utils = require('./utils');
 
@@ -284,7 +285,7 @@ function handleRequest(opts, req, resp) {
      * request are thus recorded in .internal or .internal_update prefixed
      * metric trees.
      */
-    if (/^::1|(?:::ffff:)?(?:10|127)\./.test(remoteAddr)) {
+    if (Regex.LOCAL_IP.test(remoteAddr)) {
         if (req.headers['cache-control'] && /no-cache/i.test(req.headers['cache-control'])) {
             reqOpts.metrics = opts.child_metrics.internal_update;
             req.headers['x-request-class'] = 'internal_update';

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "hyperswitch",
-  "version": "0.13.0",
+  "version": "0.13.1",
   "description": "REST API creation framework",
   "main": "index.js",
   "scripts": {

diff --git a/test/regex/regex.unit.js b/test/regex/regex.unit.js
@@ -0,0 +1,40 @@
+'use strict';
+
+var assert = require('../utils/assert.js');
+var lib = require('../../lib/regex');
+
+describe('Regular expressions', () => {
+    describe('should recognize internal addresses', () => {
+        it('IPv4: loopback address to the local host', () => {
+            assert.deepEqual(lib.LOCAL_IP.test('127.0.0.1'), true);
+        });
+
+        it('IPv4: private address, class A', () => {
+            assert.deepEqual(lib.LOCAL_IP.test('10.0.0.1'), true);
+        });
+
+        it('IPv6: loopback address to the local host', () => {
+            assert.deepEqual(lib.LOCAL_IP.test('::1'), true);
+        });
+
+        it('IPv6: IPv4 mapped address', () => {
+            assert.deepEqual(lib.LOCAL_IP.test('::ffff:10.0.0.0'), true);
+        });
+    });
+
+    describe('should recognize external addresses', () => {
+        it('external IPv4 address', () => {
+            assert.deepEqual(lib.LOCAL_IP.test('55.55.55.55'), false);
+        });
+
+        // https://phabricator.wikimedia.org/T247770
+        it('external IPv4 address with a 10 inside', () => {
+            assert.deepEqual(lib.LOCAL_IP.test('55.55.10.55'), false);
+        });
+
+        // https://phabricator.wikimedia.org/T247770
+        it('external IPv4 address with a 127 inside', () => {
+            assert.deepEqual(lib.LOCAL_IP.test('55.127.55.55'), false);
+        });
+    });
+});