Do not consider private IPv4 address valid hostnames

jenkinsci · Jan 24, 2024 · fba74d6 · fba74d6
1 parent c32e818
commit fba74d6
Showing 1 changed file with 43 additions and 15 deletions.
diff --git a/src/main/java/org/datadog/jenkins/plugins/datadog/DatadogUtilities.java b/src/main/java/org/datadog/jenkins/plugins/datadog/DatadogUtilities.java
@@ -39,13 +39,12 @@ of this software and associated documentation files (the "Software"), to deal
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.net.Inet4Address;
-import java.net.MalformedURLException;
-import java.net.URL;
 import java.net.UnknownHostException;
 import java.nio.charset.Charset;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
@@ -586,6 +585,14 @@ public static String getHostname(EnvVars envVars) {
         return null;
     }
 
+    private static final Pattern VALID_HOSTNAME_RFC_1123_PATTERN = Pattern.compile("^(([a-zA-Z0-9]|"
+            + "[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*"
+            + "([A-Za-z0-9]|"
+            + "[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])$");
+
+    private static final Collection<String> LOCAL_HOSTS = Arrays.asList("localhost", "localhost.localdomain",
+            "localhost6.localdomain6", "ip6-localhost");
+
     /**
      * Validator function to ensure that the hostname is valid. Also, fails on
      * empty String.
@@ -598,35 +605,56 @@ public static Boolean isValidHostname(String hostname) {
             return false;
         }
 
-        String[] localHosts = {"localhost", "localhost.localdomain",
-                "localhost6.localdomain6", "ip6-localhost"};
-        String VALID_HOSTNAME_RFC_1123_PATTERN = "^(([a-zA-Z0-9]|"
-                + "[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*"
-                + "([A-Za-z0-9]|"
-                + "[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])$";
-        String host = hostname.toLowerCase();
-
         // Check if hostname is local
-        if (Arrays.asList(localHosts).contains(host)) {
+        if (LOCAL_HOSTS.contains(hostname.toLowerCase())) {
             logger.fine(String.format("Hostname: %s is local", hostname));
             return false;
         }
 
+        if (isPrivateIPv4Address(hostname)) {
+            logger.fine(String.format("Hostname: %s is a private IPv4 address", hostname));
+            return false;
+        }
+
         // Ensure proper length
         if (hostname.length() > MAX_HOSTNAME_LEN) {
             logger.fine(String.format("Hostname: %s is too long (max length is %s characters)",
                     hostname, MAX_HOSTNAME_LEN));
             return false;
         }
 
-        // Check compliance with RFC 1123
-        Pattern r = Pattern.compile(VALID_HOSTNAME_RFC_1123_PATTERN);
-        Matcher m = r.matcher(hostname);
-
         // Final check: Hostname matches RFC1123?
+        Matcher m = VALID_HOSTNAME_RFC_1123_PATTERN.matcher(hostname);
         return m.find();
     }
 
+    private static boolean isPrivateIPv4Address(String ipAddress) {
+        if (ipAddress == null || ipAddress.isEmpty()) {
+            return false;
+        }
+
+        String[] parts = ipAddress.split("\\.");
+        if (parts.length != 4) {
+            return false;
+        }
+
+        try {
+            int firstOctet = Integer.parseInt(parts[0]);
+            int secondOctet = Integer.parseInt(parts[1]);
+
+            if (firstOctet == 10) {
+                return true;
+            } else if (firstOctet == 172 && (secondOctet >= 16 && secondOctet <= 31)) {
+                return true;
+            } else if (firstOctet == 192 && secondOctet == 168) {
+                return true;
+            }
+            return false;
+        } catch (NumberFormatException e) {
+            return false;
+        }
+    }
+
     public static Map<String, Set<String>> getComputerTags(Computer computer) {
         Set<LabelAtom> labels = null;
         try {