-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: use Node.js net lib and reject malformed addresses #1
Conversation
Warning Rate limit exceeded@fengmk2 has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 36 minutes and 47 seconds before requesting another review. How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. WalkthroughThis update enhances the IP manipulation library by incorporating stricter IP validation, normalization functions, and improved test coverage. The GitHub Actions workflow is updated to support newer Node.js versions and utilizes the latest versions of key actions. Documentation and package metadata are also revised to reflect the library's new ownership and added functionalities. Changes
Poem
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (invoked as PR comments)
Additionally, you can add CodeRabbit Configration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 3
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files ignored due to path filters (1)
package-lock.json
is excluded by!**/package-lock.json
Files selected for processing (5)
- .github/workflows/test.yml (1 hunks)
- README.md (4 hunks)
- lib/ip.js (7 hunks)
- package.json (1 hunks)
- test/api-test.js (3 hunks)
Files skipped from review due to trivial changes (2)
- .github/workflows/test.yml
- package.json
Additional context used
Markdownlint
README.md
7-7: null (MD034, no-bare-urls)
Bare URL used
3-3: null (MD045, no-alt-text)
Images should have alternate text (alt text)
Biome
lib/ip.js
[error] 62-84: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 90-92: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 94-108: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 120-144: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 146-183: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 185-196: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 198-237: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 239-250: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 252-258: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 260-286: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 288-320: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 322-335: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 337-339: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 341-347: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 349-355: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 357-364: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 366-377: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 394-438: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 440-447: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 449-454: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
Additional comments not posted (10)
README.md (2)
36-36
: The addition ofip.isValid('127.0.0.1'); // true
is a useful example for demonstrating the validation functionality.
66-71
: The examples for handling malformed addresses are clear and demonstrate the new functionality well.lib/ip.js (4)
4-4
: Importing thenet
module is essential for the new functionality. Ensure that it's being used effectively throughout the file.
86-88
: Replacing custom IP format validation withnet.isIPv4
andnet.isIPv6
simplifies the code and leverages built-in Node.js capabilities.
323-329
: The updatedip.isPrivate
function now usesip.normalizeStrict
for address normalization, which is a good use of code reuse and improves the accuracy of the privacy check.
341-355
: Theip.isValidAndPrivate
andip.isValidAndPublic
functions are correctly implemented to handle exceptions and return appropriate boolean values.Tools
Biome
[error] 341-347: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
[error] 349-355: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.test/api-test.js (4)
254-254
: The new test cases for thenormalizeToLong
method are comprehensive and cover various input formats effectively.
355-356
: The test case for rejecting hexadecimal IP addresses is a good addition, ensuring that the new validation logic is robust.
472-494
: ThenormalizeStrict
method tests are thorough, covering various scenarios including malformed addresses. This ensures that the function behaves as expected across different inputs.
497-525
: ThenormalizeLax
method tests are well-designed to cover normalization of hex, octal, and other non-standard IP address formats. This is crucial for ensuring the method handles a wide range of input scenarios.
|
||
IP address utilities for node.js | ||
|
||
## Installation | ||
Security fix fork, merge https://github.com/indutny/node-ip/pull/144 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Consider using a markdown link instead of a bare URL to comply with best practices.
- Security fix fork, merge https://github.com/indutny/node-ip/pull/144
+ Security fix fork, merge [node-ip pull request #144](https://github.com/indutny/node-ip/pull/144)
Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Security fix fork, merge https://github.com/indutny/node-ip/pull/144 | |
Security fix fork, merge [node-ip pull request #144](https://github.com/indutny/node-ip/pull/144) |
Tools
Markdownlint
7-7: null (MD034, no-bare-urls)
Bare URL used
@@ -3,20 +1,21 @@ | |||
# IP | |||
|
|||
[![](https://badge.fury.io/js/@eggjs/ip.svg)](https://www.npmjs.com/package/@eggjs/ip) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add alt text to the image for accessibility.
- [![](https://badge.fury.io/js/@eggjs/ip.svg)](https://www.npmjs.com/package/@eggjs/ip)
+ [![npm package version](https://badge.fury.io/js/@eggjs/ip.svg)](https://www.npmjs.com/package/@eggjs/ip)
Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
[![](https://badge.fury.io/js/@eggjs/ip.svg)](https://www.npmjs.com/package/@eggjs/ip) | |
[![npm package version](https://badge.fury.io/js/@eggjs/ip.svg)](https://www.npmjs.com/package/@eggjs/ip) |
Tools
Markdownlint
3-3: null (MD045, no-alt-text)
Images should have alternate text (alt text)
ip.isValid = function (addr) { | ||
return net.isIP(addr) !== 0; | ||
}; | ||
|
||
ip.isV6Format = function (ip) { | ||
return ipv6Regex.test(ip); | ||
ip.normalizeStrict = function (addr) { | ||
let family; | ||
switch (net.isIP(addr)) { | ||
case 4: | ||
family = 'ipv4'; | ||
break; | ||
case 6: | ||
family = 'ipv6'; | ||
break; | ||
default: | ||
throw new Error(`Invalid ip address: ${addr}`); | ||
} | ||
const { address } = new net.SocketAddress({ address: addr, family }); | ||
return address; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The ip.isValid
and ip.normalizeStrict
functions are well implemented using the net
library. Consider converting these to arrow functions for consistency and to reduce function complexity.
- ip.isValid = function (addr) {
+ ip.isValid = (addr) => {
- ip.normalizeStrict = function (addr) {
+ ip.normalizeStrict = (addr) => {
Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
ip.isValid = function (addr) { | |
return net.isIP(addr) !== 0; | |
}; | |
ip.isV6Format = function (ip) { | |
return ipv6Regex.test(ip); | |
ip.normalizeStrict = function (addr) { | |
let family; | |
switch (net.isIP(addr)) { | |
case 4: | |
family = 'ipv4'; | |
break; | |
case 6: | |
family = 'ipv6'; | |
break; | |
default: | |
throw new Error(`Invalid ip address: ${addr}`); | |
} | |
const { address } = new net.SocketAddress({ address: addr, family }); | |
return address; | |
ip.isValid = (addr) => { | |
return net.isIP(addr) !== 0; | |
}; | |
ip.normalizeStrict = (addr) => { | |
let family; | |
switch (net.isIP(addr)) { | |
case 4: | |
family = 'ipv4'; | |
break; | |
case 6: | |
family = 'ipv6'; | |
break; | |
default: | |
throw new Error(`Invalid ip address: ${addr}`); | |
} | |
const { address } = new net.SocketAddress({ address: addr, family }); | |
return address; |
Tools
Biome
[error] 90-92: This function expression can be turned into an arrow function. (lint/complexity/useArrowFunction)
Function expressions that don't use this can be turned into arrow functions.
Safe fix: Use an arrow function instead.
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/[email protected], npm/[email protected] |
[skip ci] ## [2.0.2](v2.0.1...v2.0.2) (2024-06-12) ### Bug Fixes * use Node.js net lib and reject malformed addresses ([#1](#1)) ([742b47a](742b47a))
merge indutny#144
eggjs/egg-security#94
Summary by CodeRabbit
New Features
isValid
,normalizeStrict
,isValidAndPrivate
,normalizeLax
, andisValidAndPublic
.Documentation
Refactor
Chores