authorDavid Flatz2022-06-20 17:20:46 +0200
committerDavid Flatz2022-06-20 17:22:24 +0200
commit72010f5b4d1aee57e1ace054b91ab579d630366d (patch)
treed4c85f20e7699d14666e30b53b3251ea374e59dd
parentfff47a5651778018c6b437519b9ab1a535aa3e1d (diff)
make is_private_ip resolve hostnames and check all resolved ips
-rw-r--r--it.class46
-rwxr-xr-xtest/it.t7
2 files changed, 33 insertions, 20 deletions
diff --git a/it.class b/it.class
index 87ceb9b..e634d44 100644
--- a/it.class
+++ b/it.class
@@ -430,28 +430,34 @@ static function cidr_match($ip, $cidrs)
/**
- * check whether an IP address is a private, loopback or link-local address.
- * Supports IPv6 and IPv6
- * @param $ip IP address as string (192.168.42.123,
- * 2a02:169:200:d:0:1337:babe:d00d)
- * @return true if $ip is in a private, loopback or link-local network block
+ * check whether an IP address is a private, loopback, link-local or reserved
+ * address. Supports IPv4 and IPv6
+ * @param $host hostname or IP address as string
+ * @return true if $host is in a private, loopback, link-local or reserved
+ * network block
*/
-static function is_private_ip($ip)
+static function is_private_ip($host)
{
- $private_cidrs = [
- '10.0.0.0/8',
- '127.0.0.0/8',
- '169.254.0.0/16',
- '172.16.0.0/12',
- '192.0.0.0/24',
- '192.168.0.0/16',
- '198.18.0.0/15',
- '::1/128',
- 'fc00::/7',
- 'fe80::/64',
- ];
-
- return it::cidr_match($ip, $private_cidrs);
+ if ($host == filter_var($host, FILTER_VALIDATE_IP))
+ $ips = [$host];
+ else
+ {
+ $ips = [];
+ foreach (dns_get_record($host, DNS_A) as $record)
+ $ips[] = $record['ip'];
+ foreach (dns_get_record($host, DNS_AAAA) as $record)
+ $ips[] = $record['ipv6'];
+ }
+
+ foreach ($ips as $ip)
+ {
+ if ($ip !== filter_var($ip, FILTER_VALIDATE_IP))
+ continue;
+ if ($ip !== filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE))
+ return true;
+ }
+
+ return false;
}
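Review bot: When neither lookup yields a record, `$ips` stays empty and the function falls through to `return false`, so a name that fails to resolve is reported the same as a public address; `dns_get_record()` also returns `false` on failure, and both `foreach` loops iterate that result directly. If callers rely on this as an outbound-request guard, failing closed is safer: use `dns_get_record($host, DNS_A) ?: []` (likewise for `DNS_AAAA`) and add `if (!$ips) return true;` before the final loop. Separately, the removed list covered `192.0.0.0/24` and `198.18.0.0/15`, which the documented `FILTER_FLAG_NO_PRIV_RANGE` / `FILTER_FLAG_NO_RES_RANGE` ranges do not appear to include, so those blocks may now be reported as public. The docblock should also say that the answer reflects DNS at call time only, so a caller has to connect to the address that was checked rather than resolve the name a second time.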
diff --git a/test/it.t b/test/it.t
index f4bf710..69b46b6 100755
--- a/test/it.t
+++ b/test/it.t
@@ -341,6 +341,13 @@ is(it::is_private_ip('fd12::1337:bab3:d00d'), true, "is_private_ip fc
is(it::is_private_ip('81.6.43.252'), false, "is_private_ip dunstkreis.ch ipv4");
is(it::is_private_ip('2a02:169:200:d::15'), false, "is_private_ip dunstkreis.ch ipv6");
is(it::is_private_ip('127.6.7.23'), true, "is_private_ip loopback ipv4");
+is(it::is_private_ip('169.254.6.9'), true, "is_private_ip 169.254/16 example");
+is(it::is_private_ip('gna.ch'), false, "is_private_ip gna.ch");
+is(it::is_private_ip('dunstkreis.ch'), false, "is_private_ip dunstkreis.ch");
+is(it::is_private_ip('loopback.gna.ch'), true, "is_private_ip loopback.gna.ch points to ::1");
+is(it::is_private_ip('cname.gna.ch'), true, "is_private_ip cname.gna.ch points to loopback.gna.ch");
+is(it::is_private_ip('pub4.gna.ch'), true, "is_private_ip pub4.gna.ch has public ipv4 but private ipv6");
+is(it::is_private_ip('pub6.gna.ch'), true, "is_private_ip pub6.gna.ch has private ipv6 and public ipv6");
# it::filter_keys tests
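Review bot: The added hostname cases depend on live DNS records under `gna.ch` and `dunstkreis.ch`, so the suite's outcome now varies with network access and with the content of those zones; they should be skipped or marked as network tests when resolution is unavailable. There is also no case for a name that does not resolve, nor for literal addresses in `192.0.0.0/24` and `198.18.0.0/15`, which the previous implementation listed. Pinning one, e.g. `is(it::is_private_ip('198.18.0.1'), true, "is_private_ip 198.18/15 example");`, would show whether the switch to `filter_var` flags changed the result for those blocks.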