Closed Bug 728862 Opened 13 years ago Closed 11 years ago

is_valid() in SetRemoteAddrFromForwardedFor::process_request() is not IPv6-safe

Categories

(addons.mozilla.org Graveyard :: Public Pages, defect)

defect
Not set
major

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: reed, Assigned: davidbgk)

Details

(Whiteboard: [contribute])

https://github.com/jsocol/commonware/blob/master/commonware/request/middleware.py Not sure where bugs in middleware go, so filing this here... is_valid() is defined as the following: def is_valid(ip): try: socket.inet_aton(ip) return True except socket.error: return False However, inet_aton() is not IPv6-safe. From http://docs.python.org/library/socket.html#socket.inet_aton, "inet_aton() does not support IPv6, and inet_pton() should be used instead for IPv4/v6 dual stack support." Instead of dealing with the socket layer, you could just use some IP validation library instead... See Perl's Data::Validation::IP module's is_ipv4() and is_ipv6() functions.
On Github repos that have issues, please file Github issues. I filed https://github.com/jsocol/commonware/issues/10. Perl library functions are most useless to us here ;)
Fixed in v0.3.0 of commonware[1]. Note that users of the Graphite* middleware will need to start using django-statsd[2] if they want to upgrade commonware, as those classes have moved out of commonware and into that project. Now it's up to someone to upgrade this in AMO. [1] https://github.com/jsocol/commonware [2] https://github.com/andymckay/django-statsd
Whiteboard: [contribute]
Given that the current commonware version in production is 0.4.2, can we close that bug now?
Assignee: nobody → david
Yeah. Do check out bug 975888 though, looks similar.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WORKSFORME
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.