Fixed #2474 - ipv6 addresses are now filtered out before checking net…

…work address rules so that hostnames resolving to both do no trigger a rejection (#2475)
wiremock · Nov 2, 2023 · d96b8e5 · d96b8e5
1 parent ad9539e
commit d96b8e5
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 3 deletions.
diff --git a/...ain/java/com/github/tomakehurst/wiremock/http/NetworkAddressRulesAdheringDnsResolver.java b/...ain/java/com/github/tomakehurst/wiremock/http/NetworkAddressRulesAdheringDnsResolver.java
@@ -17,8 +17,10 @@
 
 import com.github.tomakehurst.wiremock.common.NetworkAddressRules;
 import com.github.tomakehurst.wiremock.common.ProhibitedNetworkAddressException;
+import java.net.Inet4Address;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
+import java.util.Arrays;
 import java.util.stream.Stream;
 import org.apache.hc.client5.http.DnsResolver;
 import org.apache.hc.client5.http.SystemDefaultDnsResolver;
@@ -44,13 +46,17 @@ public InetAddress[] resolve(String host) throws UnknownHostException {
       throw new ProhibitedNetworkAddressException();
     }
 
-    final InetAddress[] resolved = delegate.resolve(host);
-    if (Stream.of(resolved)
+    final InetAddress[] resolvedIpv4 =
+        Arrays.stream(delegate.resolve(host))
+            .filter(inetAddress -> inetAddress instanceof Inet4Address)
+            .toArray(InetAddress[]::new);
+
+    if (Stream.of(resolvedIpv4)
         .anyMatch(address -> !networkAddressRules.isAllowed(address.getHostAddress()))) {
       throw new ProhibitedNetworkAddressException();
     }
 
-    return resolved;
+    return resolvedIpv4;
   }
 
   @Override

diff --git a/...java/com/github/tomakehurst/wiremock/http/NetworkAddressRulesAdheringDnsResolverTest.java b/...java/com/github/tomakehurst/wiremock/http/NetworkAddressRulesAdheringDnsResolverTest.java
@@ -24,6 +24,7 @@
 import java.net.UnknownHostException;
 import java.util.stream.Stream;
 import org.apache.hc.client5.http.impl.InMemoryDnsResolver;
+import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.ValueSource;
 
@@ -244,6 +245,18 @@ void resolveThrowsExceptionForIpv4AddressWithHostnameAllowRule(String host)
     assertThatThrownBy(() -> resolver.resolve(host));
   }
 
+  @Test
+  void resolveIgnoresIpv6Addresses() throws UnknownHostException {
+    register("1.example.com", "10.1.1.1", "2001:0db8:85a3:0000:0000:8a2e:0370:7334");
+
+    NetworkAddressRules rules = DefaultNetworkAddressRules.builder().allow("10.1.1.1").build();
+
+    NetworkAddressRulesAdheringDnsResolver resolver =
+        new NetworkAddressRulesAdheringDnsResolver(dns, rules);
+
+    assertThat(resolver.resolve("1.example.com")).isEqualTo(dns.resolve("10.1.1.1"));
+  }
+
   private void register(String host, String... ipAddresses) throws UnknownHostException {
     dns.add(
         host,