Support ipv6 extraction

Inbal Tako · Inbal Tako · commit 6f8c7c21f12c · 2020-10-27T18:53:56.000+02:00
diff --git a/lib/securenative/utils/request_utils.rb b/lib/securenative/utils/request_utils.rb
@@ -49,12 +49,18 @@ def self.get_client_ip_from_request(request, options)
 
         begin
           x_forwarded_for = request.env['HTTP_X_FORWARDED_FOR']
+          if ip.include? ','
+            x_forwarded_for = ip.split(',')[0]
+          end
           if self.validate_ip(x_forwarded_for)
             return x_forwarded_for
           end
         rescue NoMethodError
           begin
             x_forwarded_for = request['HTTP_X_FORWARDED_FOR']
+            if ip.include? ','
+              x_forwarded_for = ip.split(',')[0]
+            end
             if self.validate_ip(x_forwarded_for)
               return x_forwarded_for
             end
@@ -65,12 +71,18 @@ def self.get_client_ip_from_request(request, options)
 
         begin
           x_forwarded_for = request.env['HTTP_X_REAL_IP']
+          if ip.include? ','
+            x_forwarded_for = ip.split(',')[0]
+          end
           if self.validate_ip(x_forwarded_for)
             return x_forwarded_for
           end
         rescue NoMethodError
           begin
             x_forwarded_for = request['HTTP_X_REAL_IP']
+            if ip.include? ','
+              x_forwarded_for = ip.split(',')[0]
+            end
             if self.validate_ip(x_forwarded_for)
               return x_forwarded_for
             end
@@ -81,12 +93,18 @@ def self.get_client_ip_from_request(request, options)
 
         begin
           x_forwarded_for = request.env['REMOTE_ADDR']
+          if ip.include? ','
+            x_forwarded_for = ip.split(',')[0]
+          end
           if self.validate_ip(x_forwarded_for)
             return x_forwarded_for
           end
         rescue NoMethodError
           begin
             x_forwarded_for = request['REMOTE_ADDR']
+            if ip.include? ','
+              x_forwarded_for = ip.split(',')[0]
+            end
             if self.validate_ip(x_forwarded_for)
               return x_forwarded_for
             end
@@ -119,6 +137,9 @@ def self.parse_ip(headers)
 
       def self.parse_proxy_header(headers, header_key)
         h = headers.gsub(header_key + ': ', '')
+        if headers.include? ','
+          h = h.split(',')[0]
+        end
         return h
       end
 
diff --git a/spec/securenative/utils/spec_request_utils.rb b/spec/securenative/utils/spec_request_utils.rb
@@ -42,4 +42,23 @@
 
     expect(client_ip).to eq('f71f:5bf9:25ff:1883:a8c4:eeff:7b80:aa2d')
   end
+
+  it 'extract a request with proxy headers multiple ipv4' do
+    options = SecureNative::Options.new
+    options.proxy_headers = [
+        'CF-Connecting-IP'
+    ]
+
+    stub_request(:get, 'http://www.example.com/')
+        .with(headers: {
+            'Accept' => '*/*',
+            'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
+            'User-Agent' => 'Ruby'
+        }).to_return(status: 200, body: '', headers: { 'CF-Connecting-IP' => 'CF-Connecting-IP: 141.246.115.116, 203.0.113.1, 12.34.56.3' })
+
+    request = Net::HTTP.get_response('www.example.com', '/')
+    client_ip = SecureNative::Utils::RequestUtils.get_client_ip_from_request(request, options)
+
+    expect(client_ip).to eq('141.246.115.116')
+  end
 end
