From 445b937842047ac20fab52020e80f710b6b8d16d Mon Sep 17 00:00:00 2001
From: Phy
Date: Sun, 20 Oct 2019 20:13:11 -0400
Subject: [PATCH] clientIP: Add tests addressing #2828
We cannot trust any IP not included in $conf['trustedproxy'].
---
 _test/tests/inc/common_clientip.test.php | 95 +++++++++++++++++++++++++-------
 1 file changed, 75 insertions(+), 20 deletions(-)
diff --git a/_test/tests/inc/common_clientip.test.php b/_test/tests/inc/common_clientip.test.php
index 5b569cd98..99db50e3a 100644
--- a/_test/tests/inc/common_clientip.test.php
+++ b/_test/tests/inc/common_clientip.test.php
@@ -2,12 +2,19 @@ class common_clientIP_test extends DokuWikiTest {
+ function setup(){
+ parent::setup();
+
+ global $conf;
+ $conf['trustedproxy'] = '^(::1|[fF][eE]80:|127\.|10\.|192\.168\.|172\.((1[6-9])|(2[0-9])|(3[0-1]))\.)';
+ }
+
 function test_simple_all(){
 $_SERVER['REMOTE_ADDR'] = '123.123.123.123';
 $_SERVER['HTTP_X_REAL_IP'] = '';
 $_SERVER['HTTP_X_FORWARDED_FOR'] = '';
 $out = '123.123.123.123';
- $this->assertEquals(clientIP(),$out);
+ $this->assertEquals($out, clientIP());
 }
 function test_proxy1_all(){
@@ -15,7 +22,7 @@ class common_clientIP_test extends DokuWikiTest {
 $_SERVER['HTTP_X_REAL_IP'] = '77.77.77.77';
 $_SERVER['HTTP_X_FORWARDED_FOR'] = '';
 $out = '123.123.123.123,77.77.77.77';
- $this->assertEquals(clientIP(),$out);
+ $this->assertEquals($out, clientIP());
 }
 function test_proxy2_all(){
@@ -23,7 +30,7 @@ class common_clientIP_test extends DokuWikiTest {
 $_SERVER['HTTP_X_REAL_IP'] = '';
 $_SERVER['HTTP_X_FORWARDED_FOR'] = '77.77.77.77';
 $out = '123.123.123.123,77.77.77.77';
- $this->assertEquals(clientIP(),$out);
+ $this->assertEquals($out, clientIP());
 }
 function test_proxyhops_all(){
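Review bot: The fixture method added at the top of the class is spelled `setup()` while PHPUnit's hook is `setUp()`; it only takes effect because PHP resolves method names case-insensitively, and the lowercase spelling reads like an unrelated helper, so rename both the declaration and the `parent::setup()` call to `setUp`. The regex assigned to `$conf['trustedproxy']` appears to duplicate DokuWiki's shipped default, and a comment such as `// pinned to the shipped default so the *_local_* cases take the trusted-proxy path` would tell a reader why it is set here rather than read from the test config. Whether this assignment leaks into later test classes depends on whether DokuWikiTest::setUp resets `$conf`, which is outside this hunk; if it does not, restore the key in `tearDown()`.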
@@ -31,7 +38,7 @@ class common_clientIP_test extends DokuWikiTest {
 $_SERVER['HTTP_X_REAL_IP'] = '';
 $_SERVER['HTTP_X_FORWARDED_FOR'] = '77.77.77.77,66.66.66.66';
 $out = '123.123.123.123,77.77.77.77,66.66.66.66';
- $this->assertEquals(clientIP(),$out);
+ $this->assertEquals($out, clientIP());
 }
 function test_simple_single(){
@@ -39,31 +46,63 @@ class common_clientIP_test extends DokuWikiTest {
 $_SERVER['HTTP_X_REAL_IP'] = '';
 $_SERVER['HTTP_X_FORWARDED_FOR'] = '';
 $out = '123.123.123.123';
- $this->assertEquals(clientIP(true),$out);
+ $this->assertEquals($out, clientIP(true));
 }
 function test_proxy1_single(){
 $_SERVER['REMOTE_ADDR'] = '123.123.123.123';
 $_SERVER['HTTP_X_REAL_IP'] = '77.77.77.77';
 $_SERVER['HTTP_X_FORWARDED_FOR'] = '';
- $out = '77.77.77.77';
- $this->assertEquals(clientIP(true),$out);
+ $out = '123.123.123.123';
+ $this->assertEquals($out, clientIP(true));
 }
 function test_proxy2_single(){
 $_SERVER['REMOTE_ADDR'] = '123.123.123.123';
 $_SERVER['HTTP_X_REAL_IP'] = '';
 $_SERVER['HTTP_X_FORWARDED_FOR'] = '77.77.77.77';
- $out = '77.77.77.77';
- $this->assertEquals(clientIP(true),$out);
+ $out = '123.123.123.123';
+ $this->assertEquals($out, clientIP(true));
 }
 function test_proxyhops_single(){
 $_SERVER['REMOTE_ADDR'] = '123.123.123.123';
 $_SERVER['HTTP_X_REAL_IP'] = '';
 $_SERVER['HTTP_X_FORWARDED_FOR'] = '77.77.77.77,66.66.66.66';
+ $out = '123.123.123.123';
+ $this->assertEquals($out, clientIP(true));
+ }
+
+ function test_proxy1_local_single(){
+ $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
+ $_SERVER['HTTP_X_REAL_IP'] = '77.77.77.77';
+ $_SERVER['HTTP_X_FORWARDED_FOR'] = '';
+ $out = '77.77.77.77';
+ $this->assertEquals($out, clientIP(true));
+ }
+
+ function test_proxy2_local_single(){
+ $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
+ $_SERVER['HTTP_X_REAL_IP'] = '';
+ $_SERVER['HTTP_X_FORWARDED_FOR'] = '77.77.77.77';
+ $out = '77.77.77.77';
+ $this->assertEquals($out, clientIP(true));
+ }
+
+ function test_proxyhops1_local_single(){
+ $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
+ $_SERVER['HTTP_X_REAL_IP'] = '';
+ $_SERVER['HTTP_X_FORWARDED_FOR'] = '77.77.77.77,66.66.66.66';
+ $out = '77.77.77.77';
+ $this->assertEquals($out, clientIP(true));
+ }
+
+ function test_proxyhops2_local_single(){
+ $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
+ $_SERVER['HTTP_X_REAL_IP'] = '';
+ $_SERVER['HTTP_X_FORWARDED_FOR'] = '10.0.0.1,66.66.66.66';
 $out = '66.66.66.66';
- $this->assertEquals(clientIP(true),$out);
+ $this->assertEquals($out, clientIP(true));
 }
 function test_local_all(){
@@ -71,7 +110,7 @@ class common_clientIP_test extends DokuWikiTest {
 $_SERVER['HTTP_X_REAL_IP'] = '';
 $_SERVER['HTTP_X_FORWARDED_FOR'] = '127.0.0.1';
 $out = '123.123.123.123,127.0.0.1';
- $this->assertEquals(clientIP(),$out);
+ $this->assertEquals($out, clientIP());
 }
 function test_local1_single(){
@@ -79,7 +118,7 @@ class common_clientIP_test extends DokuWikiTest {
 $_SERVER['HTTP_X_REAL_IP'] = '';
 $_SERVER['HTTP_X_FORWARDED_FOR'] = '127.0.0.1';
 $out = '123.123.123.123';
- $this->assertEquals(clientIP(true),$out);
+ $this->assertEquals($out, clientIP(true));
 }
 function test_local2_single(){
@@ -87,7 +126,7 @@ class common_clientIP_test extends DokuWikiTest {
 $_SERVER['HTTP_X_REAL_IP'] = '';
 $_SERVER['HTTP_X_FORWARDED_FOR'] = '123.123.123.123';
 $out = '123.123.123.123';
- $this->assertEquals(clientIP(true),$out);
+ $this->assertEquals($out, clientIP(true));
 }
 function test_local3_single(){
@@ -95,7 +134,7 @@ class common_clientIP_test extends DokuWikiTest {
 $_SERVER['HTTP_X_REAL_IP'] = '';
 $_SERVER['HTTP_X_FORWARDED_FOR'] = '127.0.0.1,10.0.0.1,192.168.0.2,172.17.1.1,172.21.1.1,172.31.1.1';
 $out = '123.123.123.123';
- $this->assertEquals(clientIP(true),$out);
+ $this->assertEquals($out, clientIP(true));
 }
 function test_local4_single(){
@@ -103,7 +142,7 @@ class common_clientIP_test extends DokuWikiTest {
 $_SERVER['HTTP_X_REAL_IP'] = '';
 $_SERVER['HTTP_X_FORWARDED_FOR'] = '192.168.0.5';
 $out = '192.168.0.5';
- $this->assertEquals(clientIP(true),$out);
+ $this->assertEquals($out, clientIP(true));
 }
 function test_garbage_all(){
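Review bot: test_proxyhops1_local_single pins `77.77.77.77` as the client for `X-Forwarded-For: 77.77.77.77,66.66.66.66` behind a trusted `127.0.0.1`, i.e. the leftmost untrusted hop wins. When a trusted proxy appends the address it observed to the right end of that header, the leftmost entry is simply whatever arrived in the request, so this expectation pins a choice the requester's own header can steer, while the address the trusted proxy actually observed is the rightmost untrusted one, `66.66.66.66`. If clientIP() deliberately reports the leftmost hop, say so above the test, e.g. `// the leftmost hop not matching trustedproxy is reported; hops are not validated from the proxy side inward`; otherwise the expected value should be `66.66.66.66` and the implementation should walk from the rightmost X-Forwarded-For entry toward REMOTE_ADDR, stopping at the first address that does not match trustedproxy. clientIP() itself is not visible here, so which of the two it implements is inferred from these expectations only.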
@@ -111,7 +150,7 @@ class common_clientIP_test extends DokuWikiTest {
 $_SERVER['HTTP_X_REAL_IP'] = '';
 $_SERVER['HTTP_X_FORWARDED_FOR'] = 'some garbage, or something, 222';
 $out = '123.123.123.123';
- $this->assertEquals(clientIP(),$out);
+ $this->assertEquals($out, clientIP());
 }
 function test_garbage_single(){
@@ -119,7 +158,7 @@ class common_clientIP_test extends DokuWikiTest {
 $_SERVER['HTTP_X_REAL_IP'] = '';
 $_SERVER['HTTP_X_FORWARDED_FOR'] = 'some garbage, or something, 222';
 $out = '123.123.123.123';
- $this->assertEquals(clientIP(true),$out);
+ $this->assertEquals($out, clientIP(true));
 }
 function test_garbageonly_all(){
@@ -127,7 +166,7 @@ class common_clientIP_test extends DokuWikiTest {
 $_SERVER['HTTP_X_REAL_IP'] = '';
 $_SERVER['HTTP_X_FORWARDED_FOR'] = 'some garbage, or something, 222';
 $out = '0.0.0.0';
- $this->assertEquals(clientIP(),$out);
+ $this->assertEquals($out, clientIP());
 }
 function test_garbageonly_single(){
@@ -135,7 +174,7 @@ class common_clientIP_test extends DokuWikiTest {
 $_SERVER['HTTP_X_REAL_IP'] = '';
 $_SERVER['HTTP_X_FORWARDED_FOR'] = 'some garbage, or something, 222';
 $out = '0.0.0.0';
- $this->assertEquals(clientIP(true),$out);
+ $this->assertEquals($out, clientIP(true));
 }
 function test_malicious(){
@@ -143,7 +182,23 @@ class common_clientIP_test extends DokuWikiTest {
 $_SERVER['HTTP_X_REAL_IP'] = '';
 $_SERVER['HTTP_X_FORWARDED_FOR'] = '';
 $out = '0.0.0.0';
- $this->assertEquals(clientIP(),$out);
+ $this->assertEquals($out, clientIP());
+ }
+
+ function test_malicious_with_remote_addr(){
+ $_SERVER['REMOTE_ADDR'] = '8.8.8.8';
+ $_SERVER['HTTP_X_REAL_IP'] = '';
+ $_SERVER['HTTP_X_FORWARDED_FOR'] = '';
+ $out = '8.8.8.8';
+ $this->assertEquals($out, clientIP(true));
+ }
+
+ function test_proxied_malicious_with_remote_addr(){
+ $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
+ $_SERVER['HTTP_X_REAL_IP'] = '';
+ $_SERVER['HTTP_X_FORWARDED_FOR'] = '8.8.8.8,';
+ $out = '8.8.8.8,123.123.123.123';
+ $this->assertEquals($out, clientIP());
 }
 }
-- 
2.11.4.GIT
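Review bot: In test_proxied_malicious_with_remote_addr the expected chain `'8.8.8.8,123.123.123.123'` contains an address that no `$_SERVER` key in the test sets (REMOTE_ADDR is `127.0.0.1`, X-Forwarded-For is `8.8.8.8,`), and clientIP() is called without the single flag, which elsewhere in this file (test_local_all) returns every hop including REMOTE_ADDR. Unless this is meant as a deliberately failing reproduction of #2828, it looks like a copy-paste leftover; derive the expectation from the inputs and state in a comment what the trailing comma is meant to exercise, e.g. `// trailing separator yields an empty hop, which must not surface as an address`. test_malicious_with_remote_addr sets a well-formed REMOTE_ADDR with empty headers, the same shape as test_simple_single, so its name overstates what it checks; a name like `test_untrusted_remote_addr_single` would describe it. The two closing braces after the last assertion end a method and the class whose openings lie outside this hunk.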