search

frenchbread / private-ip

Check if IP address is private.
MIT License
33 stars 16 forks source link

Private IP protection bypass #15

Closed frenchbread closed 2 years ago

frenchbread commented 3 years ago

Adds more flexibility for ipv4 address checks

changes (ref: #14)

adds support for:

dev

steps to test

  1. Clone repo: git clone https://github.com/frenchbread/private-ip.git && cd private-ip
  2. Switch to commit with changes: git checkout 055759755a10a9eb039110c8467df808a600409e
  3. Install dependencies: npm i
  4. Checkout test.js file for new payloads that you've provided & run tests with npm run test
  5. If you don't want to go through test.js file, you can create test file yourself e.g. touch _test.js and put following code in there: 
    
// _test.js
const is_ip_private = require('./')

const payloads = [ 'ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff', '2130706433', '0x7f000001', '100::ffff::', '::ffff:0.0.255.255.255', '::ffff:0.255.255.255.255', ]

payloads.forEach(payload => { console.log(payload, is_ip_private(payload)) })

// output should look like this: // ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff true // 2130706433 true // 0x7f000001 true // 100::ffff:: undefined // ::ffff:0.0.255.255.255 undefined // ::ffff:0.255.255.255.255 undefined


6. Add other test values to the `payloads` array if you want.
7. Don't forget to build module using `npm run build`
8. And run: `node _test.js`
slimkrazy commented 3 years ago

Hey @frenchbread - When are you planning to merge this change into master and release a new version of the package?

frenchbread commented 2 years ago

Hi @slimkrazy, thanks for the heads up.

I was doing additional research on maybe adding some options whether input should be parsed from dec/hex (for ipv4) or not, but it turns out a bit trickier than I thought. So merging this as it is.

frenchbread commented 2 years ago

Published v2.3.0