NotificationsYou must be signed in to change notification settings
Fork9.6k
Star30.4k

Commit38b5992

committed

feature#49726 [HttpFoundation] Add IpUtils::isPrivateIp (danielburger1337)

This PR was squashed before being merged into the 6.3 branch.Discussion----------[HttpFoundation] Add IpUtils::isPrivateIp| Q | A| ------------- | ---| Branch? | 6.3| Bug fix? | no| New feature? | yes| Deprecations? | no| Tickets | N/A| License | MIT| Doc PR |symfony/symfony-docs#18102This is only my second PR for this project, so I hope I followed all the guidelines correctly.Recently I had more and more use cases where I had to make exceptions (mostly rate limiting) for private IP ranges.Symfony currently does not provide an easy way to check if an IP is private or public but implements such logic internally (private constant) for the [NoPrivateNetworkHttpClient](https://github.com/symfony/symfony/blob/6.3/src/Symfony/Component/HttpClient/NoPrivateNetworkHttpClient.php).This PR intents to make the private subnet list reusable by adding it to [IpUtils](https://github.com/symfony/symfony/blob/6.3/src/Symfony/Component/HttpFoundation/IpUtils.php).In the original PR of the NoPrivateNetworkHttpClient it was also briefly mentioned that this constant may have value when made public.#35566 (comment)I think symfony should and always should have exposed this constant.Commits-------6471582 [HttpFoundation] Add IpUtils::isPrivateIp

2 parentsd5a4cb1 +6471582 commit38b5992Copy full SHA for 38b5992

File tree

5 files changed

+59

-16

lines changed

src/Symfony/Component
- HttpClient
  - NoPrivateNetworkHttpClient.php
  - composer.json
- HttpFoundation
  - CHANGELOG.md
  - IpUtils.php
  - Tests
    - IpUtilsTest.php

5 files changed

+59

-16

lines changed

`‎src/Symfony/Component/HttpClient/NoPrivateNetworkHttpClient.php`

Lines changed: 1 addition & 16 deletions

Original file line number	Diff line number	Diff line change
`@@ -30,21 +30,6 @@ final class NoPrivateNetworkHttpClient implements HttpClientInterface, LoggerAwa`
`30`	`30`	`{`
`31`	`31`	`use HttpClientTrait;`
`32`	`32`
`33`		`-privateconstPRIVATE_SUBNETS = [`
`34`		`-'127.0.0.0/8',`
`35`		`-'10.0.0.0/8',`
`36`		`-'192.168.0.0/16',`
`37`		`-'172.16.0.0/12',`
`38`		`-'169.254.0.0/16',`
`39`		`-'0.0.0.0/8',`
`40`		`-'240.0.0.0/4',`
`41`		`-'::1/128',`
`42`		`-'fc00::/7',`
`43`		`-'fe80::/10',`
`44`		`-'::ffff:0:0/96',`
`45`		`-'::/128',`
`46`		`- ];`
`47`		`-`
`48`	`33`	`privateHttpClientInterface$client;`
`49`	`34`	`privatestring\|array\|null$subnets;`
`50`	`35`
`@@ -74,7 +59,7 @@ public function request(string $method, string $url, array $options = []): Respo`
`74`	`59`
`75`	`60`	`$options['on_progress'] =function (int$dlNow,int$dlSize,array$info)use ($onProgress,$subnets, &$lastPrimaryIp):void {`
`76`	`61`	`if ($info['primary_ip'] !==$lastPrimaryIp) {`
`77`		`-if ($info['primary_ip'] && IpUtils::checkIp($info['primary_ip'],$subnets ??self::PRIVATE_SUBNETS)) {`
	`62`	`+if ($info['primary_ip'] && IpUtils::checkIp($info['primary_ip'],$subnets ??IpUtils::PRIVATE_SUBNETS)) {`
`78`	`63`	`thrownewTransportException(sprintf('IP "%s" is blocked for "%s".',$info['primary_ip'],$info['url']));`
`79`	`64`	`}`
`80`	`65`

`‎src/Symfony/Component/HttpClient/composer.json`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,9 @@`
`42`	`42`	`"symfony/process":"^5.4\|^6.0",`
`43`	`43`	`"symfony/stopwatch":"^5.4\|^6.0"`
`44`	`44`	`},`
	`45`	`+"conflict": {`
	`46`	`+"symfony/http-foundation":"<6.3"`
	`47`	`+ },`
`45`	`48`	`"autoload": {`
`46`	`49`	`"psr-4": {"Symfony\\Component\\HttpClient\\":"" },`
`47`	`50`	`"exclude-from-classmap": [`

`‎src/Symfony/Component/HttpFoundation/CHANGELOG.md`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ CHANGELOG`
`10`	`10`	`* Create migration for session table when pdo handler is used`
`11`	`11`	`* Add support for Relay PHP extension for Redis`
`12`	`12`	* The`Response::sendHeaders()` method now takes an optional HTTP status code as parameter, allowing to send informational responses such as Early Hints responses (103 status code)
	`13`	+* Add`IpUtils::isPrivateIp`
`13`	`14`	* Deprecate conversion of invalid values in`ParameterBag::getInt()` and`ParameterBag::getBoolean()`,
`14`	`15`	* Deprecate ignoring invalid values when using`ParameterBag::filter()`, unless flag`FILTER_NULL_ON_FAILURE` is set
`15`	`16`

`‎src/Symfony/Component/HttpFoundation/IpUtils.php`

Lines changed: 23 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -18,6 +18,21 @@`
`18`	`18`	`*/`
`19`	`19`	`class IpUtils`
`20`	`20`	`{`
	`21`	`+publicconstPRIVATE_SUBNETS = [`
	`22`	`+'127.0.0.0/8',// RFC1700 (Loopback)`
	`23`	`+'10.0.0.0/8',// RFC1918`
	`24`	`+'192.168.0.0/16',// RFC1918`
	`25`	`+'172.16.0.0/12',// RFC1918`
	`26`	`+'169.254.0.0/16',// RFC3927`
	`27`	`+'0.0.0.0/8',// RFC5735`
	`28`	`+'240.0.0.0/4',// RFC1112`
	`29`	`+'::1/128',// Loopback`
	`30`	`+'fc00::/7',// Unique Local Address`
	`31`	`+'fe80::/10',// Link Local Address`
	`32`	`+'::ffff:0:0/96',// IPv4 translations`
	`33`	`+'::/128',// Unspecified address`
	`34`	`+ ];`
	`35`	`+`
`21`	`36`	`privatestaticarray$checkedIps = [];`
`22`	`37`
`23`	`38`	`/**`
`@@ -191,4 +206,12 @@ public static function anonymize(string $ip): string`
`191`	`206`
`192`	`207`	`return$ip;`
`193`	`208`	`}`
	`209`	`+`
	`210`	`+/**`
	`211`	`+ * Checks if an IPv4 or IPv6 address is contained in the list of private IP subnets.`
	`212`	`+ */`
	`213`	`+publicstaticfunctionisPrivateIp(string$requestIp):bool`
	`214`	`+ {`
	`215`	`+returnself::checkIp($requestIp,self::PRIVATE_SUBNETS);`
	`216`	`+ }`
`194`	`217`	`}`

`‎src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php`

Lines changed: 31 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -154,4 +154,35 @@ public static function getIp4SubnetMaskZeroData()`
`154`	`154`	`[false,'1.2.3.4','256.256.256/0'],// invalid CIDR notation`
`155`	`155`	`];`
`156`	`156`	`}`
	`157`	`+`
	`158`	`+/**`
	`159`	`+ * @dataProvider getIsPrivateIpData`
	`160`	`+ */`
	`161`	`+publicfunctiontestIsPrivateIp(string$ip,bool$matches)`
	`162`	`+ {`
	`163`	`+$this->assertSame($matches, IpUtils::isPrivateIp($ip));`
	`164`	`+ }`
	`165`	`+`
	`166`	`+publicstaticfunctiongetIsPrivateIpData():array`
	`167`	`+ {`
	`168`	`+return [`
	`169`	`+// private`
	`170`	`+ ['127.0.0.1',true],`
	`171`	`+ ['10.0.0.1',true],`
	`172`	`+ ['192.168.0.1',true],`
	`173`	`+ ['172.16.0.1',true],`
	`174`	`+ ['169.254.0.1',true],`
	`175`	`+ ['0.0.0.1',true],`
	`176`	`+ ['240.0.0.1',true],`
	`177`	`+ ['::1',true],`
	`178`	`+ ['fc00::1',true],`
	`179`	`+ ['fe80::1',true],`
	`180`	`+ ['::ffff:0:1',true],`
	`181`	`+ ['fd00::1',true],`
	`182`	`+`
	`183`	`+// public`
	`184`	`+ ['104.26.14.6',false],`
	`185`	`+ ['2606:4700:20::681a:e06',false],`
	`186`	`+ ];`
	`187`	`+ }`
`157`	`188`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit38b5992

File tree

5 files changed

5 files changed

`‎src/Symfony/Component/HttpClient/NoPrivateNetworkHttpClient.php`

`‎src/Symfony/Component/HttpClient/composer.json`

`‎src/Symfony/Component/HttpFoundation/CHANGELOG.md`

`‎src/Symfony/Component/HttpFoundation/IpUtils.php`

`‎src/Symfony/Component/HttpFoundation/Tests/IpUtilsTest.php`

0 commit comments