From 006271f6a782141a7c9cef17e6d76f080c022add Mon Sep 17 00:00:00 2001 From: Charlie Barto Date: Mon, 4 Dec 2023 19:58:39 -0800 Subject: [PATCH] make Uri.is_host_loopback() only return true for localhost and 127.0.0.1 exactly --- Release/include/cpprest/base_uri.h | 5 +++-- Release/tests/functional/uri/constructor_tests.cpp | 5 +++++ Release/tests/functional/uri/diagnostic_tests.cpp | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/Release/include/cpprest/base_uri.h b/Release/include/cpprest/base_uri.h index 7c6943119c..7e96b6c016 100644 --- a/Release/include/cpprest/base_uri.h +++ b/Release/include/cpprest/base_uri.h @@ -296,13 +296,14 @@ class uri /// A loopback URI is one which refers to a hostname or ip address with meaning only on the local machine. /// /// - /// Examples include "localhost", or ip addresses in the loopback range (127.0.0.0/24). + /// Examples include "localhost", or "127.0.0.1". The only URIs for which this method returns true are "127.0.0.1", and "localhost", + /// all other URIs return false /// /// true if this URI references the local host, false otherwise. bool is_host_loopback() const { return !is_empty() && - ((host() == _XPLATSTR("localhost")) || (host().size() > 4 && host().substr(0, 4) == _XPLATSTR("127."))); + ((host() == _XPLATSTR("localhost")) || (host() == _XPLATSTR("127.0.0.1"))); } /// diff --git a/Release/tests/functional/uri/constructor_tests.cpp b/Release/tests/functional/uri/constructor_tests.cpp index ea6041c26a..ffcf5ada27 100644 --- a/Release/tests/functional/uri/constructor_tests.cpp +++ b/Release/tests/functional/uri/constructor_tests.cpp @@ -24,6 +24,11 @@ namespace uri_tests { SUITE(constructor_tests) { + TEST(not_really_a_loopback_uri) + { + uri u(uri::encode_uri(U("https://127.evil.com"))); + VERIFY_IS_FALSE(u.is_host_loopback()); + } TEST(parsing_constructor_char) { uri u(uri::encode_uri(U("net.tcp://steve:@testname.com:81/bleh%?qstring#goo"))); diff --git a/Release/tests/functional/uri/diagnostic_tests.cpp b/Release/tests/functional/uri/diagnostic_tests.cpp index d8fb45d91c..3271898f60 100644 --- a/Release/tests/functional/uri/diagnostic_tests.cpp +++ b/Release/tests/functional/uri/diagnostic_tests.cpp @@ -82,7 +82,7 @@ SUITE(diagnostic_tests) VERIFY_IS_FALSE(uri(U("http://bleh/?qstring")).is_host_loopback()); VERIFY_IS_FALSE(uri(U("http://+*/?qstring")).is_host_loopback()); VERIFY_IS_TRUE(uri(U("http://127.0.0.1/")).is_host_loopback()); - VERIFY_IS_TRUE(uri(U("http://127.155.0.1/")).is_host_loopback()); + VERIFY_IS_FALSE(uri(U("http://127.155.0.1/")).is_host_loopback()); VERIFY_IS_FALSE(uri(U("http://128.0.0.1/")).is_host_loopback()); }