diff --git a/node_modules/ip/lib/ip.js b/node_modules/ip/lib/ip.js index 4b2adb5addd96..9022443ae540a 100644 --- a/node_modules/ip/lib/ip.js +++ b/node_modules/ip/lib/ip.js @@ -306,12 +306,26 @@ ip.isEqual = function (a, b) { }; ip.isPrivate = function (addr) { - return /^(::f{4}:)?10\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/i - .test(addr) + // check loopback addresses first + if (ip.isLoopback(addr)) { + return true; + } + + // ensure the ipv4 address is valid + if (!ip.isV6Format(addr)) { + const ipl = ip.normalizeToLong(addr); + if (ipl < 0) { + throw new Error('invalid ipv4 address'); + } + // normalize the address for the private range checks that follow + addr = ip.fromLong(ipl); + } + + // check private ranges + return /^(::f{4}:)?10\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/i.test(addr) || /^(::f{4}:)?192\.168\.([0-9]{1,3})\.([0-9]{1,3})$/i.test(addr) || /^(::f{4}:)?172\.(1[6-9]|2\d|30|31)\.([0-9]{1,3})\.([0-9]{1,3})$/i .test(addr) - || /^(::f{4}:)?127\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$/i.test(addr) || /^(::f{4}:)?169\.254\.([0-9]{1,3})\.([0-9]{1,3})$/i.test(addr) || /^f[cd][0-9a-f]{2}:/i.test(addr) || /^fe80:/i.test(addr) @@ -324,9 +338,16 @@ ip.isPublic = function (addr) { }; ip.isLoopback = function (addr) { + // If addr is an IPv4 address in long integer form (no dots and no colons), convert it + if (!/\./.test(addr) && !/:/.test(addr)) { + addr = ip.fromLong(Number(addr)); + } + return /^(::f{4}:)?127\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/ .test(addr) - || /^fe80::1$/.test(addr) + || /^0177\./.test(addr) + || /^0x7f\./i.test(addr) + || /^fe80::1$/i.test(addr) || /^::1$/.test(addr) || /^::$/.test(addr); }; @@ -420,3 +441,51 @@ ip.fromLong = function (ipl) { ipl >> 8 & 255}.${ ipl & 255}`); }; + +ip.normalizeToLong = function (addr) { + const parts = addr.split('.').map(part => { + // Handle hexadecimal format + if (part.startsWith('0x') || part.startsWith('0X')) { + return parseInt(part, 16); + } + // Handle octal format (strictly digits 0-7 after a leading zero) + else if (part.startsWith('0') && part !== '0' && /^[0-7]+$/.test(part)) { + return parseInt(part, 8); + } + // Handle decimal format, reject invalid leading zeros + else if (/^[1-9]\d*$/.test(part) || part === '0') { + return parseInt(part, 10); + } + // Return NaN for invalid formats to indicate parsing failure + else { + return NaN; + } + }); + + if (parts.some(isNaN)) return -1; // Indicate error with -1 + + let val = 0; + const n = parts.length; + + switch (n) { + case 1: + val = parts[0]; + break; + case 2: + if (parts[0] > 0xff || parts[1] > 0xffffff) return -1; + val = (parts[0] << 24) | (parts[1] & 0xffffff); + break; + case 3: + if (parts[0] > 0xff || parts[1] > 0xff || parts[2] > 0xffff) return -1; + val = (parts[0] << 24) | (parts[1] << 16) | (parts[2] & 0xffff); + break; + case 4: + if (parts.some(part => part > 0xff)) return -1; + val = (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]; + break; + default: + return -1; // Error case + } + + return val >>> 0; +}; diff --git a/node_modules/ip/package.json b/node_modules/ip/package.json index f0d95e9b789a6..3b5f4e98ef5b9 100644 --- a/node_modules/ip/package.json +++ b/node_modules/ip/package.json @@ -1,6 +1,6 @@ { "name": "ip", - "version": "2.0.0", + "version": "2.0.1", "author": "Fedor Indutny ", "homepage": "https://github.com/indutny/node-ip", "repository": { diff --git a/package-lock.json b/package-lock.json index 1b7e1aa128c15..43d9e3247211e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6373,9 +6373,9 @@ } }, "node_modules/ip": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ip/-/ip-2.0.0.tgz", - "integrity": "sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/ip/-/ip-2.0.1.tgz", + "integrity": "sha512-lJUL9imLTNi1ZfXT+DU6rBBdbiKGBuay9B6xGSPVjUeQwaH1RIGqef8RZkUtHioLmSNpPR5M4HVKJGm1j8FWVQ==", "inBundle": true }, "node_modules/ip-regex": {