Trang chủ Khám phá Trợ giúp
Đăng nhập
RISCI_ATOM
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Các tập tin Các vấn đề 23 Wiki
Tree: 205ee83438
Branches Tags
nextcloud-serve...
/
lib
/
private
/
Security
/
Normalizer
/
IpAddress.php

IpAddress.php 2.0 KB
Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687 
  1. <?php
    2. 

  2. 

  3. declare(strict_types=1);
    4. 

  4. 

  5. /**
    6. 

  6.  * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
    7. 

  7.  * SPDX-License-Identifier: AGPL-3.0-or-later
    8. 

  8.  */
    9. 

  9. namespace OC\Security\Normalizer;
    10. 

  10. 

  11. /**
    12. 

  12.  * Class IpAddress is used for normalizing IPv4 and IPv6 addresses in security
    13. 

  13.  * relevant contexts in Nextcloud.
    14. 

  14.  *
    15. 

  15.  * @package OC\Security\Normalizer
    16. 

  16.  */
    17. 

  17. class IpAddress {
    18. 

  18. 	/**
    19. 

  19. 	 * @param string $ip IP to normalize
    20. 

  20. 	 */
    21. 

  21. 	public function __construct(
    22. 

  22. 		private string $ip,
    23. 

  23. 	) {
    24. 

  24. 	}
    25. 

  25. 

  26. 	/**
    27. 

  27. 	 * Return the given subnet for an IPv6 address (64 first bits)
    28. 

  28. 	 */
    29. 

  29. 	private function getIPv6Subnet(string $ip): string {
    30. 

  30. 		if ($ip[0] === '[' && $ip[-1] === ']') { // If IP is with brackets, for example [::1]
    31. 

  31. 			$ip = substr($ip, 1, strlen($ip) - 2);
    32. 

  32. 		}
    33. 

  33. 		$pos = strpos($ip, '%'); // if there is an explicit interface added to the IP, e.g. fe80::ae2d:d1e7:fe1e:9a8d%enp2s0
    34. 

  34. 		if ($pos !== false) {
    35. 

  35. 			$ip = substr($ip, 0, $pos - 1);
    36. 

  36. 		}
    37. 

  37. 

  38. 		$binary = \inet_pton($ip);
    39. 

  39. 		$mask = inet_pton('FFFF:FFFF:FFFF:FFFF::');
    40. 

  40. 

  41. 		return inet_ntop($binary & $mask).'/64';
    42. 

  42. 	}
    43. 

  43. 

  44. 	/**
    45. 

  45. 	 * Returns the IPv4 address embedded in an IPv6 if applicable.
    46. 

  46. 	 * The detected format is "::ffff:x.x.x.x" using the binary form.
    47. 

  47. 	 *
    48. 

  48. 	 * @return string|null embedded IPv4 string or null if none was found
    49. 

  49. 	 */
    50. 

  50. 	private function getEmbeddedIpv4(string $ipv6): ?string {
    51. 

  51. 		$binary = inet_pton($ipv6);
    52. 

  52. 		if (!$binary) {
    53. 

  53. 			return null;
    54. 

  54. 		}
    55. 

  55. 

  56. 		$mask = inet_pton('::FFFF:FFFF');
    57. 

  57. 		if (($binary & ~$mask) !== inet_pton('::FFFF:0.0.0.0')) {
    58. 

  58. 			return null;
    59. 

  59. 		}
    60. 

  60. 

  61. 		return inet_ntop(substr($binary, -4));
    62. 

  62. 	}
    63. 

  63. 

  64. 

  65. 	/**
    66. 

  66. 	 * Gets either the /32 (IPv4) or the /64 (IPv6) subnet of an IP address
    67. 

  67. 	 */
    68. 

  68. 	public function getSubnet(): string {
    69. 

  69. 		if (filter_var($this->ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
    70. 

  70. 			return $this->ip.'/32';
    71. 

  71. 		}
    72. 

  72. 

  73. 		$ipv4 = $this->getEmbeddedIpv4($this->ip);
    74. 

  74. 		if ($ipv4 !== null) {
    75. 

  75. 			return $ipv4.'/32';
    76. 

  76. 		}
    77. 

  77. 

  78. 		return $this->getIPv6Subnet($this->ip);
    79. 

  79. 	}
    80. 

  80. 

  81. 	/**
    82. 

  82. 	 * Returns the specified IP address
    83. 

  83. 	 */
    84. 

  84. 	public function __toString(): string {
    85. 

  85. 		return $this->ip;
    86. 

  86. 	}
    87. 

  87. }
    88.