From 14f16fdb1d19a2e28227795a8ad319c50d508074 Mon Sep 17 00:00:00 2001 From: Henrique Dias Date: Fri, 17 May 2024 09:54:55 +0200 Subject: [PATCH] fix: filter out private addresses when only using dht (#68) --- CHANGELOG.md | 16 +++++++++------- server.go | 2 +- server_test.go | 24 ++++++++++++++++++++++++ 3 files changed, 34 insertions(+), 8 deletions(-) create mode 100644 server_test.go diff --git a/CHANGELOG.md b/CHANGELOG.md index bc3dcdc..2803d7b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,12 +11,6 @@ The following emojis are used to highlight certain changes: * 🛠 - BREAKING CHANGE. Action is required if you use this functionality. * ✨ - Noteworthy change to be aware of. -## [v0.2.1] - -### Fixed - -- Upgraded Boxo with fix to ensure that `/routing/v1/peers` endpoint accepts all variants of Peer IDs that are seen in the wild. - ## [Unreleased] ### Added @@ -27,4 +21,12 @@ The following emojis are used to highlight certain changes: ### Fixed -### Security \ No newline at end of file +- The `/routing/v1/peers` endpoint correctly filters out private addresses. + +### Security + +## [v0.2.1] + +### Fixed + +- Upgraded Boxo with fix to ensure that `/routing/v1/peers` endpoint accepts all variants of Peer IDs that are seen in the wild. diff --git a/server.go b/server.go index c16bb20..41e985f 100644 --- a/server.go +++ b/server.go @@ -155,7 +155,7 @@ func newHost(highOutboundLimits bool) (host.Host, error) { func getCombinedRouting(endpoints []string, dht routing.Routing) (router, error) { if len(endpoints) == 0 { - return libp2pRouter{routing: dht}, nil + return sanitizeRouter{libp2pRouter{routing: dht}}, nil } var routers []router diff --git a/server_test.go b/server_test.go new file mode 100644 index 0000000..99c10b2 --- /dev/null +++ b/server_test.go @@ -0,0 +1,24 @@ +package main + +import ( + "testing" + + "github.com/stretchr/testify/require" +) + +func TestGetCombinedRouting(t *testing.T) { + t.Parallel() + + // Check of the result of get combined routing is a sanitize router. + v, err := getCombinedRouting(nil, &bundledDHT{}) + require.NoError(t, err) + require.IsType(t, sanitizeRouter{}, v) + + v, err = getCombinedRouting([]string{"https://example.com/"}, nil) + require.NoError(t, err) + require.IsType(t, sanitizeRouter{}, v) + + v, err = getCombinedRouting([]string{"https://example.com/"}, &bundledDHT{}) + require.NoError(t, err) + require.IsType(t, sanitizeRouter{}, v) +}