diff options
| author | David Flatz | 2022-06-20 15:34:58 +0200 |
|---|---|---|
| committer | David Flatz | 2022-06-20 15:34:58 +0200 |
| commit | fff47a5651778018c6b437519b9ab1a535aa3e1d (patch) | |
| tree | dfc6a6e8b71d329f0de4366bf7836c67ec1609dc | |
| parent | 5e520bc918cc559cf2497c4c97199ecd33331b86 (diff) | |
| download | itools-fff47a5651778018c6b437519b9ab1a535aa3e1d.tar.gz itools-fff47a5651778018c6b437519b9ab1a535aa3e1d.tar.bz2 itools-fff47a5651778018c6b437519b9ab1a535aa3e1d.zip | |
add function to check whether an ip is from a private range which should be useful for security checks of user provided ip-addresses
| -rw-r--r-- | AUTHORS | 2 | ||||
| -rw-r--r-- | it.class | 26 | ||||
| -rwxr-xr-x | test/it.t | 14 |
3 files changed, 41 insertions, 1 deletions
@@ -1,5 +1,5 @@ ITools - the Internet Tools Library -Copyright (C) 1995-2021 by +Copyright (C) 1995-2022 by cschneid: Christian Schneider denis: Denis De Mesmaeker @@ -430,6 +430,32 @@ static function cidr_match($ip, $cidrs) /** + * check whether an IP address is a private, loopback or link-local address. + * Supports IPv6 and IPv6 + * @param $ip IP address as string (192.168.42.123, + * 2a02:169:200:d:0:1337:babe:d00d) + * @return true if $ip is in a private, loopback or link-local network block + */ +static function is_private_ip($ip) +{ + $private_cidrs = [ + '10.0.0.0/8', + '127.0.0.0/8', + '169.254.0.0/16', + '172.16.0.0/12', + '192.0.0.0/24', + '192.168.0.0/16', + '198.18.0.0/15', + '::1/128', + 'fc00::/7', + 'fe80::/64', + ]; + + return it::cidr_match($ip, $private_cidrs); +} + + +/** * Convert regex for preg (adds and escapes delimiter, adds modifiers) * @param $pattern Regex to convert * @param $p['casesensitive'] Regex is case sensitive (omit modifier i) @@ -328,6 +328,20 @@ is(it::cidr_match('2001:918:ff83:101:798e:77c0:b722:fe56', '2001:918:ff83:101::/ is(it::cidr_match('2001:918:ff83:102:798e:77c0:b722:fe56', '2001:918:ff83:101::/64'), false, "cidr_match ipv6 no match" ); is(it::cidr_match('10.11.12.13', ['10.0.0.0/8', '192.168.0.0./16']), true, "cidr_match array"); +# it::is_private_ip tests +is(it::is_private_ip('192.168.2.3'), true, "is_private_ip 192.168/16 example"); +is(it::is_private_ip('34.98.92.95'), false, "is_private_ip search.ch ipv4"); +is(it::is_private_ip('2600:1901:0:6fe0::'), false, "is_private_ip search.ch ipv6"); +is(it::is_private_ip('::1'), true, "is_private_ip loopback ipv6"); +is(it::is_private_ip('172.19.34.19'), true, "is_private_ip 172.16/12 example"); +is(it::is_private_ip('10.128.72.9'), true, "is_private_ip 10/8 example"); +is(it::is_private_ip('195.49.47.11'), false, "is_private_ip gna.ch ipv4"); +is(it::is_private_ip('2a01:2a8:9100:1911:abba:0:1:80'), false, "is_private_ip gna.ch ipv6"); +is(it::is_private_ip('fd12::1337:bab3:d00d'), true, "is_private_ip fc00::/7 example"); +is(it::is_private_ip('81.6.43.252'), false, "is_private_ip dunstkreis.ch ipv4"); +is(it::is_private_ip('2a02:169:200:d::15'), false, "is_private_ip dunstkreis.ch ipv6"); +is(it::is_private_ip('127.6.7.23'), true, "is_private_ip loopback ipv4"); + # it::filter_keys tests $data = ['a' => 1, 'b' => 2, 'c' => 3]; |