Merge pull request #2752 from fermyon/fix-cidr

Fix checking of cidr ranges
fermyon · Aug 26, 2024 · 527c2e3 · 527c2e3
2 parents b9ed65a + 7d15bdd
commit 527c2e3
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/crates/outbound-networking/src/lib.rs b/crates/outbound-networking/src/lib.rs
@@ -175,7 +175,7 @@ impl HostConfig {
             HostConfig::List(l) => l.iter().any(|h| h.as_str() == host),
             HostConfig::ToSelf => false,
             HostConfig::Cidr(c) => {
-                let Ok(ip) = host.parse::<ipnet::IpNet>() else {
+                let Ok(ip) = host.parse::<std::net::IpAddr>() else {
                     return false;
                 };
                 c.contains(&ip)
@@ -776,4 +776,11 @@ mod test {
             .allows(&OutboundUrl::parse("mysql://user%3Apass%[email protected]", "mysql").unwrap()));
         assert!(allowed.allows(&OutboundUrl::parse("user%3Apass%[email protected]", "mysql").unwrap()));
     }
+
+    #[test]
+    fn test_cidr() {
+        let allowed =
+            AllowedHostsConfig::parse(&["*://127.0.0.1/24:63551"], &dummy_resolver()).unwrap();
+        assert!(allowed.allows(&OutboundUrl::parse("tcp://127.0.0.1:63551", "tcp").unwrap()));
+    }
 }