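/**
 * Score a content item for link-preview generation.
 *
 * Calls back with 1 (the lowest positive score) when the item is an HTTP(S)
 * link whose host is not inside PreviewConstants.FORBIDDEN.INTERNAL_IPS, and
 * with -1 otherwise.
 *
 * The host is taken from the parsed URL. The previous code sliced the link at
 * `lastIndexOf('://') + 1`, which hands "//host/path" to the range check; that
 * string is not an IP address, so the internal-range guard could not match.
 *
 * NOTE(review): this only inspects the host as written in the link. A hostname
 * that resolves to an internal address, or a redirect to one, has to be
 * rejected where the preview is actually fetched — confirm that check exists.
 *
 * @param {Object} ctx - Request context (not read here).
 * @param {Object} contentObj - Content item; `resourceSubType` and `link` are read.
 * @param {Function} callback - Invoked as callback(null, score).
 */
const test = function(ctx, contentObj, callback) {
  // Don't bother with non-link content items
  if (contentObj.resourceSubType !== 'link') {
    return callback(null, -1);
  }

  const { link } = contentObj;

  // Only allow HTTP(S) URLs
  if (!/^http(s)?:\/\//.test(link)) {
    return callback(null, -1);
  }

  let host;
  try {
    host = new URL(link).hostname;
  } catch (err) {
    // Fail closed: a link that cannot be parsed cannot be vetted.
    return callback(null, -1);
  }

  // URL#hostname keeps the brackets around IPv6 literals; the range check wants the bare address.
  host = host.replace(/^\[|\]$/g, '');

  // Don't generate previews for internal IPs
  if (rangeCheck.inRange(host, PreviewConstants.FORBIDDEN.INTERNAL_IPS)) {
    return callback(null, -1);
  }

  // Default to the lowest possible score
  return callback(null, 1);
};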
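/**
 * Decide whether a content item is eligible for a link preview.
 *
 * Score 1 (lowest positive) is reported for HTTP(S) links whose host is not in
 * PreviewConstants.FORBIDDEN.INTERNAL_IPS; every other item gets -1.
 *
 * The range check receives the hostname from the parsed URL. Slicing the link
 * at `lastIndexOf('://') + 1` produced "//host/path", which is not an address
 * the range check can parse, so internal hosts were never rejected.
 *
 * NOTE(review): only the literal host is checked here. Names that resolve to
 * internal addresses and redirects need a check at fetch time — verify against
 * the code that performs the request.
 *
 * @param {Object} ctx - Request context (unused in this function).
 * @param {Object} contentObj - Content item; reads `resourceSubType` and `link`.
 * @param {Function} callback - Called as callback(null, score).
 */
const test = function(ctx, contentObj, callback) {
  // Don't bother with non-link content items
  if (contentObj.resourceSubType === 'link') {
    const { link } = contentObj;

    // Only allow HTTP(S) URLs
    if (/^http(s)?:\/\//.test(link)) {
      let hostname = null;
      try {
        // Strip the brackets URL#hostname leaves around IPv6 literals.
        hostname = new URL(link).hostname.replace(/^\[|\]$/g, '');
      } catch (err) {
        // Unparseable link: leave hostname null so the item is rejected below.
        hostname = null;
      }

      // Don't generate previews for internal IPs
      if (
        hostname !== null &&
        !rangeCheck.inRange(hostname, PreviewConstants.FORBIDDEN.INTERNAL_IPS)
      ) {
        // Default to the lowest possible score
        return callback(null, 1);
      }
    }
  }

  return callback(null, -1);
};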
return range_check.validRange(ipRange);
});
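// Refuse to run with an empty allow-list: there would be nothing to match
// against and every request would be denied.
if (allowedRanges.length <= 0) {
  throw new Error('No valid CIDR ranges were specified');
}

// req.ips is only populated when the express 'trust proxy' setting is
// enabled; its entries come from the X-Forwarded-For request header,
// ordered from the farthest hop to the nearest one. The last element is
// therefore the address reported by the proxy closest to this server,
// which is the entry a remote client has the least control over. It is
// not necessarily the original client address.
// NOTE(review): X-Forwarded-For is only as trustworthy as the proxies in
// front of this app; confirm they append to or overwrite the header and
// that the app is not reachable without passing through them.
var requestIP = (req.ips.length > 0) ? req.ips[req.ips.length - 1] : req.ip;

// Deny the request if request IP is not in one of the allowed
// IP address ranges.
var requestAllowed = range_check.inRange(requestIP, allowedRanges);
if (!requestAllowed) {
  // Log the address the decision was made on. req.ip can differ from
  // requestIP when several forwarded addresses are present, which would
  // make the audit trail disagree with the check.
  var msg = '-> blocked request from %s (not in allowed IP range)';
  console.log(util.format(msg, requestIP));

  // Display error page to the user.
  var title = 'Sorry, your request is not authorized (403)';
  var message = 'Requests from outside permitted IP range are not allowed';
  var htmlError = wrapHTMLError(title, message);
  return res.status(403).send(htmlError);
}

next();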
};
/**
 * Report whether the current request's address satisfies the rule's
 * `ip_range_matches` list.
 *
 * A rule without an `ip_range_matches` key places no restriction and matches.
 * A rule with the key matches only if the address falls in one of its entries,
 * so an empty list matches nothing.
 *
 * Reads `modification_rule`, `request` and `rangeCheck` from the enclosing scope.
 *
 * @returns {boolean} true when the rule applies to this request's address.
 */
function ip_range_matches() {
  // No range restriction configured on this rule.
  if (!("ip_range_matches" in modification_rule)) {
    return true;
  }

  var idx = 0;
  while (idx < modification_rule.ip_range_matches.length) {
    var candidate = modification_rule.ip_range_matches[idx];
    if (rangeCheck.inRange(request.address.address, candidate)) {
      return true;
    }
    idx += 1;
  }

  // Restriction present but no entry covered the address.
  return false;
}
/**
 * Evaluate one CIDR constraint in either allow or deny mode.
 *
 * Returns true when `mode` is 'allow' and the address is inside the
 * constraint, or when `mode` is 'deny' and the address is outside it.
 * Any other `mode` value yields false.
 *
 * @param {string} ip - Address to test.
 * @param {string|string[]} constraint - Range(s) handed to rangeCheck.inRange.
 * @param {string} mode - 'allow' or 'deny'.
 * @returns {boolean}
 */
const testCidrBlock = (ip, constraint, mode) => {
  // The mode that would evaluate to true for this membership result.
  const satisfiedMode = rangeCheck.inRange(ip, constraint) ? 'allow' : 'deny';
  return mode === satisfiedMode;
};
// Answer whether the caller-supplied `ip` query parameter falls inside any of
// the IPv6 CIDR ranges of the first fetched record.
// NOTE(review): req.query.ip comes straight from the request and is not
// validated here, and no rejection handler is attached in the visible code;
// confirm both are handled by the surrounding route.
promise.then(function(results) {
  if (!results) {
    res.status(500).json({
      'message': 'Error fetching Akamai information!',
    });
    return;
  }

  const ranges = results[0]['ipv6_ranges'];
  let matched = false;

  // Stop at the first range that contains the address.
  for (let idx = 0; idx < ranges.length && !matched; idx += 1) {
    if (rangeCheck.inRange(req.query.ip, ranges[idx]['cidr'])) {
      matched = true;
    }
  }

  res.status(200).json({'result': matched});
});
});
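// Return the fetched records whose `value` lies inside the caller-supplied
// `ipv6_range`, or only their count when a `count` query parameter is present.
// NOTE(review): req.query.ipv6_range is taken from the request unvalidated;
// verify that the route rejects a missing or malformed range before this runs.
promise.then(function(data) {
  if (!data) {
    res.status(404).json({'message': 'Info not found'});
    return;
  }

  let returnData = [];
  for (let i = 0; i < data.length; i++) {
    if (rangeCheck.inRange(data[i]['value'], req.query.ipv6_range)) {
      returnData.push(data[i]);
    }
  }

  // req.query is built from request input, so do not rely on it carrying
  // Object.prototype methods: depending on the query parser it may have no
  // prototype, and calling req.query.hasOwnProperty() would then throw.
  if (Object.prototype.hasOwnProperty.call(req.query, 'count')) {
    res.status(200).json({'count': returnData.length});
  } else {
    res.status(200).json(returnData);
  }
  return;
});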
return;
// Check the address the hostname actually resolved to, so a name pointing at
// a blacklisted range is refused before the proxied request proceeds.
// NOTE(review): the lookup `err` argument is not inspected here, and this
// handler only runs when a DNS lookup takes place; confirm that targets given
// as IP literals are checked against the same list elsewhere.
socket.once('lookup', function(err, address, family, host) {
  const isBlocked = rangeCheck.inRange(address, blacklistedAddresses);
  if (!isBlocked) {
    return;
  }

  // Tell the client why, then tear down the outgoing request.
  res.status(403).send('IP address is not allowed: ' + address);
  res.end();
  proxiedRequest.abort();
});
}).on('error', function(err) {
// Once `pass` is truthy it stays that way; otherwise it becomes whether any
// whitelist entry contains ipaddr.
if (!pass) {
  pass = whitelist.some((entry) => rangeCheck.inRange(ipaddr, entry));
}