fix: whiteIp wildcard modification(cherry pick from master #2321/#2326) (#2328)

* fix: ip whitelist wildcard modification inner 712 * fix: ip whitelist wildcard distinguish fe80 inner 714
2026-01-05 20:30:40 -06:00 · 2020-11-26 13:27:33 +08:00
parent 9cbd98516c
commit ee6bb35485
2 changed files with 72 additions and 7 deletions
--- a/src/main/java/com/actiontech/dble/util/IPAddressUtil.java
+++ b/src/main/java/com/actiontech/dble/util/IPAddressUtil.java
@@ -54,13 +54,20 @@ public final class IPAddressUtil {
     * @param target ip to be check
     */
    public static boolean check(String target) {
+        int separatorIndex = target.lastIndexOf(SEPARATOR_2);
+        boolean isWildcard = false;
+        if (separatorIndex == 0) {
+            isWildcard = target.charAt(separatorIndex + 1) == '.' || target.charAt(separatorIndex + 1) == ':';
+        } else if (separatorIndex > 0) {
+            isWildcard = target.charAt(separatorIndex - 1) == '.' || target.charAt(separatorIndex - 1) == ':';
+        }
        if (target.contains(SEPARATOR_1)) {
            //rule ip1-ip2
            String[] sourceSplit = target.split(SEPARATOR_1);
            if (sourceSplit.length == 2) {
                return Pattern.matches(PATTERN_IP, sourceSplit[0]) && Pattern.matches(PATTERN_IP, sourceSplit[1]);
            }
-        } else if (target.contains(SEPARATOR_2) && !target.contains(IPV6_LOCAL_PREFIX)) {
+        } else if (target.contains(SEPARATOR_2) && isWildcard) {
            //rule 172.0.0.%
            String start = target.replace(SEPARATOR_2, "0");
            return Pattern.matches(PATTERN_IP, start);
@@ -108,22 +115,32 @@ public final class IPAddressUtil {
        if (StringUtil.isEmpty(target) || StringUtil.isEmpty(source)) {
            return false;
        }
+        int separatorIndex = source.lastIndexOf(SEPARATOR_2);
+        boolean isWildcard = false;
+        if (separatorIndex == 0) {
+            isWildcard = source.charAt(separatorIndex + 1) == '.' || source.charAt(separatorIndex + 1) == ':';
+        } else if (separatorIndex > 0) {
+            isWildcard = source.charAt(separatorIndex - 1) == '.' || source.charAt(separatorIndex - 1) == ':';
+        }
        if (source.contains(SEPARATOR_1)) {
            //rule ip1-ip2
            String[] sourceSplit = source.split(SEPARATOR_1);
            if (sourceSplit.length == 2) {
                return between(target, sourceSplit[0], sourceSplit[1]);
            }
-        } else if (source.contains(SEPARATOR_2) && !source.contains(IPV6_LOCAL_PREFIX)) {
+        } else if (source.contains(SEPARATOR_2) && isWildcard) {
            //rule 172.0.0.%
            String start = source.replace(SEPARATOR_2, "0");
-            String end = null;
+            String regex = null;
            if (sun.net.util.IPAddressUtil.isIPv4LiteralAddress(start)) {
-                end = source.replace(SEPARATOR_2, "255");
+                regex = source.replace("%", "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)");
            } else if (sun.net.util.IPAddressUtil.isIPv6LiteralAddress(start)) {
-                end = source.replace(SEPARATOR_2, "ffff");
+                regex = source.replace("%", "([0-9a-fA-F]{1,4})");
            }
-            return between(target, start, end);
+            if (null == regex) {
+                return false;
+            }
+            return Pattern.matches(regex, target);
        } else if (source.contains(SEPARATOR_3)) {
            //rule CIDR
            String[] sourceSplit = source.split(SEPARATOR_3);
--- a/src/test/java/com/actiontech/dble/util/IPAddressUtilTest.java
+++ b/src/test/java/com/actiontech/dble/util/IPAddressUtilTest.java
@@ -59,6 +59,12 @@ public class IPAddressUtilTest {
        Assert.assertEquals(false, IPAddressUtil.check("0.0.0.-1"));
        Assert.assertEquals(false, IPAddressUtil.check("255.255.255"));
        Assert.assertEquals(false, IPAddressUtil.check("255.255.255.255.255"));
+
+
+        Assert.assertEquals(true, IPAddressUtil.check("fe80:%:%:%:%:%:%:%"));
+        Assert.assertEquals(true, IPAddressUtil.check("127.0.0.%"));
+        Assert.assertEquals(true, IPAddressUtil.check("%.0.0.%"));
+        Assert.assertEquals(true, IPAddressUtil.check("%:%:%:%:%:%:%:fe80"));
    }

    @Test
@@ -83,7 +89,7 @@ public class IPAddressUtilTest {
        Assert.assertEquals(IPAddressUtil.match(host6, "1::3:4:5:6:7:8-1::3:4:5:6:7:ffff"), true);
        Assert.assertEquals(IPAddressUtil.match(host6, "1::3:4:5:6:7:9-1::3:4:5:6:7:ffff"), false);
        Assert.assertEquals(IPAddressUtil.match(host6, "1::3:4:5:6:7:9-1::3:4:5:6:7:ffff"), false);
-        Assert.assertEquals(IPAddressUtil.match(host6, "1::3:4:%:5:6:7"), true);
+        Assert.assertEquals(IPAddressUtil.match(host6, "1:0:3:%:5:6:7:8"), true);
        Assert.assertEquals(IPAddressUtil.match(host6, "1::2:%:5:6:7:%"), false);
        Assert.assertEquals(IPAddressUtil.match(host6, "1::3:9:5:6:7:8/60"), true);
        Assert.assertEquals(IPAddressUtil.match(host6, "1::3:9:5:6:7:8/61"), false);
@@ -91,4 +97,46 @@ public class IPAddressUtilTest {
        Assert.assertEquals(IPAddressUtil.match(host6, "192.168.1.10-192.168.1.100"), false);
        Assert.assertEquals(IPAddressUtil.match(host6, "192.168.1.%"), false);
    }
+
+    @Test
+    public void match2() throws UnknownHostException {
+        String host4 = "192.168.2.1";
+        Assert.assertEquals(IPAddressUtil.match(host4, "192.168.2.%"), true);
+        Assert.assertEquals(IPAddressUtil.match(host4, "192.168.1.%"), false);
+        Assert.assertEquals(IPAddressUtil.match(host4, "%.%.%.%"), true);
+        Assert.assertEquals(IPAddressUtil.match(host4, "192.%.%.%"), true);
+        Assert.assertEquals(IPAddressUtil.match(host4, "192.168.%.%"), true);
+        Assert.assertEquals(IPAddressUtil.match(host4, "193.%.%.%"), false);
+        Assert.assertEquals(IPAddressUtil.match(host4, "%.169.%.%"), false);
+        Assert.assertEquals(IPAddressUtil.match(host4, "%.168.%.%"), true);
+        Assert.assertEquals(IPAddressUtil.match(host4, "%.%.3.%"), false);
+        Assert.assertEquals(IPAddressUtil.match(host4, "%.%.2.%"), true);
+        Assert.assertEquals(IPAddressUtil.match(host4, "%.%.%.2"), false);
+        Assert.assertEquals(IPAddressUtil.match(host4, "%.%.%.1"), true);
+    }
+
+    @Test
+    public void match3() throws UnknownHostException {
+
+        String host6 = "1:0:3:4:5:6:7:8";
+        Assert.assertEquals(IPAddressUtil.match(host6, "%:0:3:4:5:6:7:8"), true);
+        Assert.assertEquals(IPAddressUtil.match(host6, "1:%:3:4:5:6:7:8"), true);
+        Assert.assertEquals(IPAddressUtil.match(host6, "1:0:%:4:5:6:7:8"), true);
+        Assert.assertEquals(IPAddressUtil.match(host6, "1:0:3:%:5:6:7:8"), true);
+        Assert.assertEquals(IPAddressUtil.match(host6, "1:0:3:4:%:6:7:8"), true);
+        Assert.assertEquals(IPAddressUtil.match(host6, "1:0:3:4:5:%:7:8"), true);
+        Assert.assertEquals(IPAddressUtil.match(host6, "1:0:3:4:5:6:%:8"), true);
+        Assert.assertEquals(IPAddressUtil.match(host6, "1:0:3:4:5:6:7:%"), true);
+        Assert.assertEquals(IPAddressUtil.match(host6, "%:%:%:%:%:%:%:%"), true);
+
+        Assert.assertEquals(IPAddressUtil.match(host6, "%:1:3:4:5:6:7:8"), false);
+        Assert.assertEquals(IPAddressUtil.match(host6, "2:%:3:4:5:6:7:8"), false);
+        Assert.assertEquals(IPAddressUtil.match(host6, "1:1:%:4:5:6:7:8"), false);
+        Assert.assertEquals(IPAddressUtil.match(host6, "1:0:4:%:5:6:7:8"), false);
+        Assert.assertEquals(IPAddressUtil.match(host6, "1:0:3:5:%:6:7:8"), false);
+        Assert.assertEquals(IPAddressUtil.match(host6, "1:0:3:4:6:%:7:8"), false);
+        Assert.assertEquals(IPAddressUtil.match(host6, "1:0:3:4:5:7:%:8"), false);
+        Assert.assertEquals(IPAddressUtil.match(host6, "1:0:3:4:5:6:8:%"), false);
+        Assert.assertEquals(IPAddressUtil.match(host6, "%:%:%:%:%:%:%:9"), false);
+    }
 }