Coder Social home page Coder Social logo

Comments (8)

sepehrdaddev avatar sepehrdaddev commented on June 11, 2024 1

@szuecs yes, thats clear that :: is not a valid IP but the reason why I created an issue is that, I would expect it to throw an error during the predicate creation saying that its not a valid IP rather than accepting it and then not being able to enforce it (in the test, the predicate gets created with :: successfully without any errors).

from skipper.

sepehrdaddev avatar sepehrdaddev commented on June 11, 2024 1

I think, this is an error case that hasn't been covered by the library which is important when using skipper as a library but its not something that causes a huge problem, its more a usability issue than anything else (I see Sandor already created a patch for it).

from skipper.

sepehrdaddev avatar sepehrdaddev commented on June 11, 2024

similar to #2848

from skipper.

szuecs avatar szuecs commented on June 11, 2024

But :: is not a valid client IP.

The input data is like here:

% go doc http.Request.RemoteAddr
package http // import "net/http"

type Request struct {
    // RemoteAddr allows HTTP servers and other software to record the network address
    // that sent the request, usually for logging. This field is not filled in by
    // ReadRequest and has no defined format. The HTTP server in this package sets
    // RemoteAddr to an "IP:port" address before invoking a handler. This field is
    // ignored by the HTTP client.
    RemoteAddr string

Of course in local tests you can define it different but you won't be able to create a call to http.Server, such that this will lead to :: as RemoteAddr.

from skipper.

AlexanderYastrebov avatar AlexanderYastrebov commented on June 11, 2024

the fuzzer panics when the ip address is ::

Hm, is there a panic in skipper code?

from skipper.

sepehrdaddev avatar sepehrdaddev commented on June 11, 2024

@AlexanderYastrebov so, I wrote the fuzzer in a way that if it finds something that is not correct, it would panic, this is because the fuzzer only detects panics, so anything unexpected must panic to be able to detect it.

so no, there is no panic in skipper code.

from skipper.

AlexanderYastrebov avatar AlexanderYastrebov commented on June 11, 2024

I think we can trust RemoteAddr as it comes from the server. Do we need to fix this at all?

from skipper.

szuecs avatar szuecs commented on June 11, 2024

I think it's fine to fix it because it's a generic function in skipper's net package.

from skipper.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.