NotificationsYou must be signed in to change notification settings
Fork32.4k
Star67.9k

Commit40d75c2

authored

GH-113171: Fix "private" (non-global) IP address ranges (GH-113179)

*GH-113171: Fix "private" (really non-global) IP address rangesThe _private_networks variables, used by various is_privateimplementations, were missing some ranges and at the same time hadoverly strict ranges (where there are more specific ranges consideredglobally reachable by the IANA registries).This patch updates the ranges with what was missing or otherwiseincorrect.I left 100.64.0.0/10 alone, for now, as it's been made special in [1]and I'm not sure if we want to undo that as I don't quite understand themotivation behind it.The _address_exclude_many() call returns 8 networks for IPv4, 121networks for IPv6.[1]#61602

1 parent3be9b9d commit40d75c2Copy full SHA for 40d75c2

File tree

5 files changed

+82

-7

lines changed

Doc
- library
  - ipaddress.rst
- whatsnew
  - 3.13.rst
Lib
- ipaddress.py
- test
  - test_ipaddress.py
Misc/NEWS.d/next/Library
- 2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst

5 files changed

+82

-7

lines changed

`‎Doc/library/ipaddress.rst`

Lines changed: 16 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -192,6 +192,18 @@ write code that handles both IP versions correctly. Address objects are`
`192`	`192`	``is_private`` has value opposite to:attr:`is_global`, except for the shared address space
`193`	`193`	(``100.64.0.0/10`` range) where they are both ``False``.
`194`	`194`
	`195`	`+ ..versionchanged::3.13`
	`196`	`+`
	`197`	`+ Fixed some false positives and false negatives.`
	`198`	`+`
	`199`	+ * ``192.0.0.0/24`` is considered private with the exception of ``192.0.0.9/32`` and
	`200`	+ ``192.0.0.10/32`` (previously: only the ``192.0.0.0/29`` sub-range was considered private).
	`201`	+ * ``64:ff9b:1::/48`` is considered private.
	`202`	+ * ``2002::/16`` is considered private.
	`203`	+ * There are exceptions within ``2001::/23`` (otherwise considered private): ``2001:1::1/128``,
	`204`	+ ``2001:1::2/128``, ``2001:3::/32``, ``2001:4:112::/48``, ``2001:20::/28``, ``2001:30::/28``.
	`205`	`+ The exceptions are not considered private.`
	`206`	`+`
`195`	`207`	`..attribute::is_global`
`196`	`208`
`197`	`209`	``True`` if the address is defined as globally reachable by
`@@ -209,6 +221,10 @@ write code that handles both IP versions correctly. Address objects are`
`209`	`221`
`210`	`222`	`..versionadded::3.4`
`211`	`223`
	`224`	`+ ..versionchanged::3.13`
	`225`	`+`
	`226`	+ Fixed some false positives and false negatives, see:attr:`is_private` for details.
	`227`	`+`
`212`	`228`	`..attribute::is_unspecified`
`213`	`229`
`214`	`230`	``True`` if the address is unspecified. See:RFC:`5735` (for IPv4)

`‎Doc/whatsnew/3.13.rst`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -401,6 +401,8 @@ ipaddress`
`401`	`401`
`402`	`402`	* Add the:attr:`ipaddress.IPv4Address.ipv6_mapped` property, which returns the IPv4-mapped IPv6 address.
`403`	`403`	(Contributed by Charles Machalow in:gh:`109466`.)
	`404`	+* Fix ``is_global`` and ``is_private`` behavior in ``IPv4Address``, ``IPv6Address``, ``IPv4Network``
	`405`	+ and ``IPv6Network``.
`404`	`406`
`405`	`407`	`itertools`
`406`	`408`	`---------`

`‎Lib/ipaddress.py`

Lines changed: 35 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -1086,7 +1086,11 @@ def is_private(self):`
`1086`	`1086`	`"""`
`1087`	`1087`	`returnany(self.network_addressinpriv_networkand`
`1088`	`1088`	`self.broadcast_addressinpriv_network`
`1089`		`-forpriv_networkinself._constants._private_networks)`
	`1089`	`+forpriv_networkinself._constants._private_networks)andall(`
	`1090`	`+self.network_addressnotinnetworkand`
	`1091`	`+self.broadcast_addressnotinnetwork`
	`1092`	`+fornetworkinself._constants._private_networks_exceptions`
	`1093`	`+ )`
`1090`	`1094`
`1091`	`1095`	`@property`
`1092`	`1096`	`defis_global(self):`
`@@ -1347,7 +1351,10 @@ def is_private(self):`
`1347`	`1351`	``is_private`` has value opposite to :attr:`is_global`, except for the ``100.64.0.0/10``
`1348`	`1352`	IPv4 range where they are both ``False``.
`1349`	`1353`	`"""`
`1350`		`-returnany(selfinnetfornetinself._constants._private_networks)`
	`1354`	`+return (`
	`1355`	`+any(selfinnetfornetinself._constants._private_networks)`
	`1356`	`+andall(selfnotinnetfornetinself._constants._private_networks_exceptions)`
	`1357`	`+ )`
`1351`	`1358`
`1352`	`1359`	`@property`
`1353`	`1360`	`@functools.lru_cache()`
`@@ -1578,13 +1585,15 @@ class _IPv4Constants:`
`1578`	`1585`
`1579`	`1586`	`_public_network=IPv4Network('100.64.0.0/10')`
`1580`	`1587`
	`1588`	`+# Not globally reachable address blocks listed on`
	`1589`	`+# https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml`
`1581`	`1590`	`_private_networks= [`
`1582`	`1591`	`IPv4Network('0.0.0.0/8'),`
`1583`	`1592`	`IPv4Network('10.0.0.0/8'),`
`1584`	`1593`	`IPv4Network('127.0.0.0/8'),`
`1585`	`1594`	`IPv4Network('169.254.0.0/16'),`
`1586`	`1595`	`IPv4Network('172.16.0.0/12'),`
`1587`		`-IPv4Network('192.0.0.0/29'),`
	`1596`	`+IPv4Network('192.0.0.0/24'),`
`1588`	`1597`	`IPv4Network('192.0.0.170/31'),`
`1589`	`1598`	`IPv4Network('192.0.2.0/24'),`
`1590`	`1599`	`IPv4Network('192.168.0.0/16'),`
`@@ -1595,6 +1604,11 @@ class _IPv4Constants:`
`1595`	`1604`	`IPv4Network('255.255.255.255/32'),`
`1596`	`1605`	`]`
`1597`	`1606`
	`1607`	`+_private_networks_exceptions= [`
	`1608`	`+IPv4Network('192.0.0.9/32'),`
	`1609`	`+IPv4Network('192.0.0.10/32'),`
	`1610`	`+ ]`
	`1611`	`+`
`1598`	`1612`	`_reserved_network=IPv4Network('240.0.0.0/4')`
`1599`	`1613`
`1600`	`1614`	`_unspecified_address=IPv4Address('0.0.0.0')`
`@@ -2086,7 +2100,10 @@ def is_private(self):`
`2086`	`2100`	`ipv4_mapped=self.ipv4_mapped`
`2087`	`2101`	`ifipv4_mappedisnotNone:`
`2088`	`2102`	`returnipv4_mapped.is_private`
`2089`		`-returnany(selfinnetfornetinself._constants._private_networks)`
	`2103`	`+return (`
	`2104`	`+any(selfinnetfornetinself._constants._private_networks)`
	`2105`	`+andall(selfnotinnetfornetinself._constants._private_networks_exceptions)`
	`2106`	`+ )`
`2090`	`2107`
`2091`	`2108`	`@property`
`2092`	`2109`	`defis_global(self):`
`@@ -2342,19 +2359,31 @@ class _IPv6Constants:`
`2342`	`2359`
`2343`	`2360`	`_multicast_network=IPv6Network('ff00::/8')`
`2344`	`2361`
	`2362`	`+# Not globally reachable address blocks listed on`
	`2363`	`+# https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml`
`2345`	`2364`	`_private_networks= [`
`2346`	`2365`	`IPv6Network('::1/128'),`
`2347`	`2366`	`IPv6Network('::/128'),`
`2348`	`2367`	`IPv6Network('::ffff:0:0/96'),`
	`2368`	`+IPv6Network('64:ff9b:1::/48'),`
`2349`	`2369`	`IPv6Network('100::/64'),`
`2350`	`2370`	`IPv6Network('2001::/23'),`
`2351`		`-IPv6Network('2001:2::/48'),`
`2352`	`2371`	`IPv6Network('2001:db8::/32'),`
`2353`		`-IPv6Network('2001:10::/28'),`
	`2372`	`+# IANA says N/A, let's consider it not globally reachable to be safe`
	`2373`	`+IPv6Network('2002::/16'),`
`2354`	`2374`	`IPv6Network('fc00::/7'),`
`2355`	`2375`	`IPv6Network('fe80::/10'),`
`2356`	`2376`	`]`
`2357`	`2377`
	`2378`	`+_private_networks_exceptions= [`
	`2379`	`+IPv6Network('2001:1::1/128'),`
	`2380`	`+IPv6Network('2001:1::2/128'),`
	`2381`	`+IPv6Network('2001:3::/32'),`
	`2382`	`+IPv6Network('2001:4:112::/48'),`
	`2383`	`+IPv6Network('2001:20::/28'),`
	`2384`	`+IPv6Network('2001:30::/28'),`
	`2385`	`+ ]`
	`2386`	`+`
`2358`	`2387`	`_reserved_networks= [`
`2359`	`2388`	`IPv6Network('::/8'),IPv6Network('100::/8'),`
`2360`	`2389`	`IPv6Network('200::/7'),IPv6Network('400::/6'),`

`‎Lib/test/test_ipaddress.py`

Lines changed: 20 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -2288,6 +2288,10 @@ def testReservedIpv4(self):`
`2288`	`2288`	`self.assertEqual(True,ipaddress.ip_address(`
`2289`	`2289`	`'172.31.255.255').is_private)`
`2290`	`2290`	`self.assertEqual(False,ipaddress.ip_address('172.32.0.0').is_private)`
	`2291`	`+self.assertFalse(ipaddress.ip_address('192.0.0.0').is_global)`
	`2292`	`+self.assertTrue(ipaddress.ip_address('192.0.0.9').is_global)`
	`2293`	`+self.assertTrue(ipaddress.ip_address('192.0.0.10').is_global)`
	`2294`	`+self.assertFalse(ipaddress.ip_address('192.0.0.255').is_global)`
`2291`	`2295`
`2292`	`2296`	`self.assertEqual(True,`
`2293`	`2297`	`ipaddress.ip_address('169.254.100.200').is_link_local)`
`@@ -2313,6 +2317,7 @@ def testPrivateNetworks(self):`
`2313`	`2317`	`self.assertEqual(True,ipaddress.ip_network("169.254.0.0/16").is_private)`
`2314`	`2318`	`self.assertEqual(True,ipaddress.ip_network("172.16.0.0/12").is_private)`
`2315`	`2319`	`self.assertEqual(True,ipaddress.ip_network("192.0.0.0/29").is_private)`
	`2320`	`+self.assertEqual(False,ipaddress.ip_network("192.0.0.9/32").is_private)`
`2316`	`2321`	`self.assertEqual(True,ipaddress.ip_network("192.0.0.170/31").is_private)`
`2317`	`2322`	`self.assertEqual(True,ipaddress.ip_network("192.0.2.0/24").is_private)`
`2318`	`2323`	`self.assertEqual(True,ipaddress.ip_network("192.168.0.0/16").is_private)`
`@@ -2329,8 +2334,8 @@ def testPrivateNetworks(self):`
`2329`	`2334`	`self.assertEqual(True,ipaddress.ip_network("::/128").is_private)`
`2330`	`2335`	`self.assertEqual(True,ipaddress.ip_network("::ffff:0:0/96").is_private)`
`2331`	`2336`	`self.assertEqual(True,ipaddress.ip_network("100::/64").is_private)`
`2332`		`-self.assertEqual(True,ipaddress.ip_network("2001::/23").is_private)`
`2333`	`2337`	`self.assertEqual(True,ipaddress.ip_network("2001:2::/48").is_private)`
	`2338`	`+self.assertEqual(False,ipaddress.ip_network("2001:3::/48").is_private)`
`2334`	`2339`	`self.assertEqual(True,ipaddress.ip_network("2001:db8::/32").is_private)`
`2335`	`2340`	`self.assertEqual(True,ipaddress.ip_network("2001:10::/28").is_private)`
`2336`	`2341`	`self.assertEqual(True,ipaddress.ip_network("fc00::/7").is_private)`
`@@ -2409,6 +2414,20 @@ def testReservedIpv6(self):`
`2409`	`2414`	`self.assertEqual(True,ipaddress.ip_address('0::0').is_unspecified)`
`2410`	`2415`	`self.assertEqual(False,ipaddress.ip_address('::1').is_unspecified)`
`2411`	`2416`
	`2417`	`+self.assertFalse(ipaddress.ip_address('64:ff9b:1::').is_global)`
	`2418`	`+self.assertFalse(ipaddress.ip_address('2001::').is_global)`
	`2419`	`+self.assertTrue(ipaddress.ip_address('2001:1::1').is_global)`
	`2420`	`+self.assertTrue(ipaddress.ip_address('2001:1::2').is_global)`
	`2421`	`+self.assertFalse(ipaddress.ip_address('2001:2::').is_global)`
	`2422`	`+self.assertTrue(ipaddress.ip_address('2001:3::').is_global)`
	`2423`	`+self.assertFalse(ipaddress.ip_address('2001:4::').is_global)`
	`2424`	`+self.assertTrue(ipaddress.ip_address('2001:4:112::').is_global)`
	`2425`	`+self.assertFalse(ipaddress.ip_address('2001:10::').is_global)`
	`2426`	`+self.assertTrue(ipaddress.ip_address('2001:20::').is_global)`
	`2427`	`+self.assertTrue(ipaddress.ip_address('2001:30::').is_global)`
	`2428`	`+self.assertFalse(ipaddress.ip_address('2001:40::').is_global)`
	`2429`	`+self.assertFalse(ipaddress.ip_address('2002::').is_global)`
	`2430`	`+`
`2412`	`2431`	`# some generic IETF reserved addresses`
`2413`	`2432`	`self.assertEqual(True,ipaddress.ip_address('100::').is_reserved)`
`2414`	`2433`	`self.assertEqual(True,ipaddress.ip_network('4000::1/128').is_reserved)`

`‎Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,9 @@`
	`1`	`+Fixed various false positives and false negatives in`
	`2`	`+`
	`3`	+*:attr:`ipaddress.IPv4Address.is_private` (see these docs for details)
	`4`	+*:attr:`ipaddress.IPv4Address.is_global`
	`5`	+*:attr:`ipaddress.IPv6Address.is_private`
	`6`	+*:attr:`ipaddress.IPv6Address.is_global`
	`7`	`+`
	`8`	+Also in the corresponding:class:`ipaddress.IPv4Network` and:class:`ipaddress.IPv6Network`
	`9`	`+attributes.`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit40d75c2

File tree

5 files changed

5 files changed

`‎Doc/library/ipaddress.rst`

`‎Doc/whatsnew/3.13.rst`

`‎Lib/ipaddress.py`

`‎Lib/test/test_ipaddress.py`

`‎Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst`

0 commit comments