From ddcd2da8cef41358528ab1c705f6f8c8414f9f14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julius=20H=C3=A4rtl?= Date: Wed, 21 Dec 2022 08:35:06 +0100 Subject: [PATCH 1/2] fix(wopi): Properly handle single IPv6 addresses in WOPI allow list MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Julius Härtl --- lib/Middleware/WOPIMiddleware.php | 2 +- tests/lib/Middleware/WOPIMiddlewareTest.php | 93 +++++++++++++++++++++ 2 files changed, 94 insertions(+), 1 deletion(-) create mode 100644 tests/lib/Middleware/WOPIMiddlewareTest.php diff --git a/lib/Middleware/WOPIMiddleware.php b/lib/Middleware/WOPIMiddleware.php index 932a8cb01b..f8ffd000ec 100644 --- a/lib/Middleware/WOPIMiddleware.php +++ b/lib/Middleware/WOPIMiddleware.php @@ -117,7 +117,7 @@ public function isWOPIAllowed(): bool { private function matchCidr(string $ip, string $range): bool { list($subnet, $bits) = array_pad(explode('/', $range), 2, null); if ($bits === null) { - $bits = 32; + $bits = strpos($subnet, ':') !== false ? 128 : 32; } $bits = (int)$bits; diff --git a/tests/lib/Middleware/WOPIMiddlewareTest.php b/tests/lib/Middleware/WOPIMiddlewareTest.php new file mode 100644 index 0000000000..bc000c1ea1 --- /dev/null +++ b/tests/lib/Middleware/WOPIMiddlewareTest.php @@ -0,0 +1,93 @@ + + * + * @author Julius Härtl + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + + +namespace OCA\Richdocuments\Middleware; + +use OCA\Richdocuments\Db\WopiMapper; +use OCP\IConfig; +use OCP\IRequest; +use Psr\Log\LoggerInterface; + +class WOPIMiddlewareTest extends \PHPUnit\Framework\TestCase { + /** + * @var IConfig|(IConfig&\PHPUnit\Framework\MockObject\MockObject)|\PHPUnit\Framework\MockObject\MockObject + */ + private $config; + /** + * @var IRequest|(IRequest&\PHPUnit\Framework\MockObject\MockObject)|\PHPUnit\Framework\MockObject\MockObject + */ + private $request; + /** + * @var WopiMapper|(WopiMapper&\PHPUnit\Framework\MockObject\MockObject)|\PHPUnit\Framework\MockObject\MockObject + */ + private $wopiMapper; + /** + * @var \PHPUnit\Framework\MockObject\MockObject|LoggerInterface|(LoggerInterface&\PHPUnit\Framework\MockObject\MockObject) + */ + private $logger; + private WOPIMiddleware $middleware; + + public function setUp(): void { + parent::setUp(); + $this->config = $this->createMock(IConfig::class); + $this->request = $this->createMock(IRequest::class); + $this->wopiMapper = $this->createMock(WopiMapper::class); + $this->logger = $this->createMock(LoggerInterface::class); + $this->middleware = new WOPIMiddleware( + $this->config, + $this->request, + $this->wopiMapper, + $this->logger, + ); + } + + /** @dataProvider dataAllow */ + public function testAllow($ip, $allowList, $result) { + $this->request->expects($this->once()) + ->method('getRemoteAddress') + ->willReturn($ip); + $this->config->expects(self::any()) + ->method('getAppValue') + ->willReturn($allowList); + self::assertEquals($result, $this->middleware->isWOPIAllowed()); + } + + public function dataAllow() { + return [ + ['192.168.178.1', '192.168.178.1', true], + ['192.168.178.1', '192.168.178.2', false], + ['192.168.178.1', '192.168.178.1/24', true], + ['192.168.178.230', '192.168.178.1/24', true], + ['192.168.179.1', '192.168.178.1/24', false], + ['10.0.0.10', '10.0.0.0/8', true], + ['2001:0DB8:8280:97e8:6c18:0000:a53f:0001', '2001:0DB8:8280:97e8:6c18:0000:a53f:0001', true], + ['2001:0DB8:8280:97e8:6c18:0000:a53f:0001', '2001:0DB8:8280:97e8:6c18:0000:a53f:0001/128', true], + ['2001:0DB8:8280:97e8:6c18:0000:a53f:0001', '2001:0DB8:8280::/48', true], + ['2001:0DB8:8180:97e8:6c18:0000:a53f:0001', '2001:0DB8:8280::/48', false], + ['2001:0DB8:8180:97e8:6c18:0000:a53f:0001', '2001:0DB8::/32', true], + ]; + } +} From 71795694f8984421a3a730d9392d24e229c1d834 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julius=20H=C3=A4rtl?= Date: Mon, 2 Jan 2023 15:53:56 +0100 Subject: [PATCH 2/2] tests(phpunit): Run unit tests against correct stable version MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Julius Härtl --- .github/workflows/phpunit.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/phpunit.yml b/.github/workflows/phpunit.yml index 8bae522853..7306cf08d2 100644 --- a/.github/workflows/phpunit.yml +++ b/.github/workflows/phpunit.yml @@ -20,7 +20,7 @@ jobs: matrix: php-versions: ['7.4', '8.0', "8.1"] databases: ['sqlite'] - server-versions: ['master'] + server-versions: ['stable24'] name: php${{ matrix.php-versions }}-${{ matrix.databases }}-${{ matrix.server-versions }} @@ -78,7 +78,7 @@ jobs: matrix: php-versions: ['7.4', '8.0'] databases: ['mysql'] - server-versions: ['master'] + server-versions: ['stable24'] name: php${{ matrix.php-versions }}-${{ matrix.databases }}-${{ matrix.server-versions }} @@ -145,7 +145,7 @@ jobs: matrix: php-versions: ['7.4'] databases: ['pgsql'] - server-versions: ['master'] + server-versions: ['stable24'] name: php${{ matrix.php-versions }}-${{ matrix.databases }}-${{ matrix.server-versions }} @@ -214,7 +214,7 @@ jobs: matrix: php-versions: ['7.4'] databases: ['oci'] - server-versions: ['master'] + server-versions: ['stable24'] name: php${{ matrix.php-versions }}-${{ matrix.databases }}-${{ matrix.server-versions }}