From e751c08ee21788d8692b29340eb99a030aefd9a0 Mon Sep 17 00:00:00 2001 From: Lucas Date: Thu, 8 Aug 2024 12:53:45 +0200 Subject: [PATCH 1/4] Fix issue #564: Modify filtering logic and update related tests --- .../src/trustless-gateway/utils.ts | 6 +++++ .../test/trustless-gateway-utils.spec.ts | 24 +++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/packages/block-brokers/src/trustless-gateway/utils.ts b/packages/block-brokers/src/trustless-gateway/utils.ts index 52aa9ba02..cd5a3c370 100644 --- a/packages/block-brokers/src/trustless-gateway/utils.ts +++ b/packages/block-brokers/src/trustless-gateway/utils.ts @@ -20,6 +20,12 @@ export function filterNonHTTPMultiaddrs (multiaddrs: Multiaddr[], allowInsecure: return isPrivateIp(ma.toOptions().host) === false } + + // When allowInsecure is false and allowLocal is true, allow multiaddrs with "127.0.0.1", "localhost", or any subdomain ending with ".localhost" + if (!allowInsecure && allowLocal) { + if (ma.toOptions().host === '127.0.0.1' || ma.toOptions().host === 'localhost' || ma.toOptions().host.endsWith('.localhost')) + return true + } return false }) diff --git a/packages/block-brokers/test/trustless-gateway-utils.spec.ts b/packages/block-brokers/test/trustless-gateway-utils.spec.ts index 8a2a42130..1aca9b3ba 100644 --- a/packages/block-brokers/test/trustless-gateway-utils.spec.ts +++ b/packages/block-brokers/test/trustless-gateway-utils.spec.ts @@ -27,4 +27,28 @@ describe('trustless-gateway-block-broker-utils', () => { expect(filtered.length).to.deep.equal(0) }) + + it('filterNonHTTPMultiaddrs allows 127.0.0.1 when allowInsecure=false', async function () { + const localMaddr = uriToMultiaddr('http://127.0.0.1') + + const filtered = filterNonHTTPMultiaddrs([localMaddr], false, true) + + expect(filtered.length).to.deep.equal(1) + }) + + it('filterNonHTTPMultiaddrs allows localhost when allowInsecure=false', async function () { + const localMaddr = uriToMultiaddr('http://localhost') + + const filtered = filterNonHTTPMultiaddrs([localMaddr], false, true) + + expect(filtered.length).to.deep.equal(1) + }) + + it('filterNonHTTPMultiaddrs allows *.localhost when allowInsecure=false', async function () { + const localMaddr = uriToMultiaddr('http://example.localhost') + + const filtered = filterNonHTTPMultiaddrs([localMaddr], false, true) + + expect(filtered.length).to.deep.equal(1) + }) }) From 991e1399ba271a5dc17eecf234ec9503ce6883f0 Mon Sep 17 00:00:00 2001 From: Lucas Date: Thu, 8 Aug 2024 21:54:49 +0200 Subject: [PATCH 2/4] chore: fix linting issues --- packages/block-brokers/src/trustless-gateway/utils.ts | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/packages/block-brokers/src/trustless-gateway/utils.ts b/packages/block-brokers/src/trustless-gateway/utils.ts index cd5a3c370..664db1642 100644 --- a/packages/block-brokers/src/trustless-gateway/utils.ts +++ b/packages/block-brokers/src/trustless-gateway/utils.ts @@ -20,11 +20,12 @@ export function filterNonHTTPMultiaddrs (multiaddrs: Multiaddr[], allowInsecure: return isPrivateIp(ma.toOptions().host) === false } - + // When allowInsecure is false and allowLocal is true, allow multiaddrs with "127.0.0.1", "localhost", or any subdomain ending with ".localhost" if (!allowInsecure && allowLocal) { - if (ma.toOptions().host === '127.0.0.1' || ma.toOptions().host === 'localhost' || ma.toOptions().host.endsWith('.localhost')) + if (ma.toOptions().host === '127.0.0.1' || ma.toOptions().host === 'localhost' || ma.toOptions().host.endsWith('.localhost')) { return true + } } return false From a32af89fa8473c9b1364df79e8e2f6fe2d736d10 Mon Sep 17 00:00:00 2001 From: acul71 <34693171+acul71@users.noreply.github.com> Date: Fri, 9 Aug 2024 20:18:45 +0200 Subject: [PATCH 3/4] Update packages/block-brokers/src/trustless-gateway/utils.ts Co-authored-by: Russell Dempsey <1173416+SgtPooki@users.noreply.github.com> --- packages/block-brokers/src/trustless-gateway/utils.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/block-brokers/src/trustless-gateway/utils.ts b/packages/block-brokers/src/trustless-gateway/utils.ts index 664db1642..820c44ff1 100644 --- a/packages/block-brokers/src/trustless-gateway/utils.ts +++ b/packages/block-brokers/src/trustless-gateway/utils.ts @@ -23,7 +23,8 @@ export function filterNonHTTPMultiaddrs (multiaddrs: Multiaddr[], allowInsecure: // When allowInsecure is false and allowLocal is true, allow multiaddrs with "127.0.0.1", "localhost", or any subdomain ending with ".localhost" if (!allowInsecure && allowLocal) { - if (ma.toOptions().host === '127.0.0.1' || ma.toOptions().host === 'localhost' || ma.toOptions().host.endsWith('.localhost')) { + const { host } = ma.toOptions() + if (host === '127.0.0.1' || host === 'localhost' || host.endsWith('.localhost')) { return true } } From a01c7a8007a354757a89eabe1a49a6f7e6a2af07 Mon Sep 17 00:00:00 2001 From: Lucas Date: Sat, 10 Aug 2024 17:33:45 +0200 Subject: [PATCH 4/4] refactor: simplify conditional logic in filterNonHTTPMultiaddrs --- packages/block-brokers/src/trustless-gateway/utils.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/block-brokers/src/trustless-gateway/utils.ts b/packages/block-brokers/src/trustless-gateway/utils.ts index 664db1642..820c44ff1 100644 --- a/packages/block-brokers/src/trustless-gateway/utils.ts +++ b/packages/block-brokers/src/trustless-gateway/utils.ts @@ -23,7 +23,8 @@ export function filterNonHTTPMultiaddrs (multiaddrs: Multiaddr[], allowInsecure: // When allowInsecure is false and allowLocal is true, allow multiaddrs with "127.0.0.1", "localhost", or any subdomain ending with ".localhost" if (!allowInsecure && allowLocal) { - if (ma.toOptions().host === '127.0.0.1' || ma.toOptions().host === 'localhost' || ma.toOptions().host.endsWith('.localhost')) { + const { host } = ma.toOptions() + if (host === '127.0.0.1' || host === 'localhost' || host.endsWith('.localhost')) { return true } }