Request#trusted_proxy? no longer accepts lines

 * Closes #508
 * Adds some limited coverage. More issues highlighted - incomplete local ips.

diff --git a/lib/rack/request.rb b/lib/rack/request.rb
index 6a22c309eb725458f69770986f70ad54a34b315f..e8734d762fe8de1865cb9bc87981fa8347dfe173 100644 (file)
--- a/lib/rack/request.rb
+++ b/lib/rack/request.rb
@@ -340,7 +340,7 @@ module Rack
     end
 
     def trusted_proxy?(ip)
-      ip =~ /^127\.0\.0\.1$|^(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\.|^::1$|^fd[0-9a-f]{2}:.+|^localhost$|^unix$|^unix:/i
+      ip =~ /\A127\.0\.0\.1\Z|\A(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\.|\A::1\Z|\Afd[0-9a-f]{2}:.+|\Alocalhost\Z|\Aunix\Z|\Aunix:/i
     end
 
     def ip

diff --git a/test/spec_request.rb b/test/spec_request.rb
index 748115d813d8b68ff947e2bd4a4fd97fb8be8c93..9649c5d2e7a65cb89b91a761face3ae44885d6b2 100644 (file)
--- a/test/spec_request.rb
+++ b/test/spec_request.rb
@@ -1010,6 +1010,30 @@ EOF
     res.body.should.equal '3.4.5.6'
   end
 
+  should "regard local addresses as proxies" do
+    req = Rack::Request.new(Rack::MockRequest.env_for("/"))
+    req.trusted_proxy?('127.0.0.1').should.equal 0
+    req.trusted_proxy?('10.0.0.1').should.equal 0
+    req.trusted_proxy?('172.16.0.1').should.equal 0
+    req.trusted_proxy?('172.20.0.1').should.equal 0
+    req.trusted_proxy?('172.30.0.1').should.equal 0
+    req.trusted_proxy?('172.31.0.1').should.equal 0
+    req.trusted_proxy?('192.168.0.1').should.equal 0
+    req.trusted_proxy?('::1').should.equal 0
+    req.trusted_proxy?('fd00::').should.equal 0
+    req.trusted_proxy?('localhost').should.equal 0
+    req.trusted_proxy?('unix').should.equal 0
+    req.trusted_proxy?('unix:/tmp/sock').should.equal 0
+
+    req.trusted_proxy?("unix.example.org").should.equal nil
+    req.trusted_proxy?("example.org\n127.0.0.1").should.equal nil
+    req.trusted_proxy?("127.0.0.1\nexample.org").should.equal nil
+    req.trusted_proxy?("11.0.0.1").should.equal nil
+    req.trusted_proxy?("172.15.0.1").should.equal nil
+    req.trusted_proxy?("172.32.0.1").should.equal nil
+    req.trusted_proxy?("2001:470:1f0b:18f8::1").should.equal nil
+  end
+
   class MyRequest < Rack::Request
     def params
       {:foo => "bar"}