Skip to content

Commit

Permalink
Merge pull request #460 from H2-invent/hotfix/ip-range-check
Browse files Browse the repository at this point in the history 
* fix ip in comma sperated list
  • Loading branch information
@holema
holema authored Oct 17, 2023
2 parents f80eecf + f53c16c commit 92d0bf9
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 8 deletions.
26 changes: 19 additions & 7 deletions src/Service/CheckIPService.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,28 +2,36 @@

namespace App\Service;

use Psr\Log\LoggerInterface;

class CheckIPService
{
public function __construct(
private LoggerInterface $logger,
)
{
}

function isIPInRange($ipToCheck, $ipRange): bool
{

$this->logger->info($ipToCheck);
if (!$ipRange) {
return true;
}
// Aufteilen des Range-Strings in einzelne IPs und Ranges
$rangeList = explode(',', $ipRange);

$ipToCheckBinary = inet_pton($ipToCheck);
foreach ($rangeList as $range) {
// Zerlege die IP-Range in Netzwerk- und Subnetzmaske
if (strpos($range, '/') !== false) {
list($network, $subnetMask) = explode('/', $range);

// Konvertiere die IP-Adressen und Subnetzmasken in binäre Darstellung
$networkBinary = inet_pton($network);
$ipToCheckBinary = inet_pton($ipToCheck);

if (!$ipToCheckBinary || !$networkBinary) {
return false;
break;
}
$subnetMaskBinary = pack('N', pow(2, 32) - pow(2, 32 - (int)$subnetMask));

Expand All @@ -32,15 +40,19 @@ function isIPInRange($ipToCheck, $ipRange): bool
$ipToCheckBinaryMasked = $ipToCheckBinary & $subnetMaskBinary;

// Vergleiche die Netzwerkteile
return $networkBinaryMasked === $ipToCheckBinaryMasked;
if ($networkBinaryMasked === $ipToCheckBinaryMasked) {
return true;
};
} else {
// Für einzelne IPs (Range ohne Subnetzmaske)
$ipToCheckBinary = inet_pton($ipToCheck);
$ipRangeBinary = inet_pton($range);

return $ipToCheckBinary === $ipRangeBinary;
if ($ipToCheckBinary === $ipRangeBinary) {
return true;
}
}
}

$this->logger->error('blocked IP found', ['ip' => $ipToCheck]);
return false;
}

Expand Down
10 changes: 9 additions & 1 deletion tests/CheckIpTest/CheckIpServiceTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,14 +4,17 @@

use App\Service\CheckIPService;
use PHPUnit\Framework\TestCase;
use Psr\Log\LoggerInterface;

class CheckIpServiceTest extends TestCase
{
private CheckIPService $checkIPService;
protected function setUp(): void
{
parent::setUp(); // TODO: Change the autogenerated stub
$this->checkIPService = new CheckIPService();
$loggermock = $this->createMock(LoggerInterface::class);

$this->checkIPService = new CheckIPService($loggermock);

}

Expand Down Expand Up @@ -54,8 +57,13 @@ public function testEmptyRange() {
public function testCommaSeparatedList() {
// Testen mit einer kommaseparierten Liste von IP-Adressen und IP-Ranges
$this->assertTrue($this->checkIPService->isIPInRange('192.168.1.10', '192.168.1.0/24,10.0.0.0/16'));
$this->assertTrue($this->checkIPService->isIPInRange('192.168.1.10', '10.0.0.0/16,192.168.1.0/24'));
$this->assertFalse($this->checkIPService->isIPInRange('192.168.1.10', '10.0.0.0/16,172.16.0.0/12'));
$this->assertTrue($this->checkIPService->isIPInRange('192.168.1.10', '192.168.1.10,172.16.0.0/12'));
$this->assertTrue($this->checkIPService->isIPInRange('192.168.1.10', '192.168.1.11,192.168.1.10'));
$this->assertTrue($this->checkIPService->isIPInRange('192.168.1.10', '192.168.1.11,192.168.1.09,192.168.1.10'));
$this->assertFalse($this->checkIPService->isIPInRange('192.168.1.10', '192.168.1.11,192.168.1.09,192.168.1.13'));
$this->assertFalse($this->checkIPService->isIPInRange('192.168.1.9', '192.168.1.11,172.16.0.10'));
}

}

0 comments on commit 92d0bf9

Please sign in to comment.