Convert blacklisted IPv4 addresses to compatible IPv6 addresses. (#9240)

Also add a few more IP ranges to the default blacklist.
2025-05-02 13:36:02 -04:00 · 2021-02-03 07:13:46 -05:00 · 2021-02-03 07:13:46 -05:00 · 4ca054a4ea
commit 4ca054a4ea
parent ff55300b91
5 changed files with 161 additions and 29 deletions
--- a/synapse/config/repository.py
+++ b/synapse/config/repository.py
@ -17,9 +17,7 @@ import os
 from collections import namedtuple
 from typing import Dict, List

-from netaddr import IPSet
-
-from synapse.config.server import DEFAULT_IP_RANGE_BLACKLIST
+from synapse.config.server import DEFAULT_IP_RANGE_BLACKLIST, generate_ip_set
 from synapse.python_dependencies import DependencyException, check_requirements
 from synapse.util.module_loader import load_module

@ -187,16 +185,17 @@ class ContentRepositoryConfig(Config):
                    "to work"
                )

-            self.url_preview_ip_range_blacklist = IPSet(
-                config["url_preview_ip_range_blacklist"]
-            )
-
            # we always blacklist '0.0.0.0' and '::', which are supposed to be
            # unroutable addresses.
-            self.url_preview_ip_range_blacklist.update(["0.0.0.0", "::"])
+            self.url_preview_ip_range_blacklist = generate_ip_set(
+                config["url_preview_ip_range_blacklist"],
+                ["0.0.0.0", "::"],
+                config_path=("url_preview_ip_range_blacklist",),
+            )

-            self.url_preview_ip_range_whitelist = IPSet(
-                config.get("url_preview_ip_range_whitelist", ())
+            self.url_preview_ip_range_whitelist = generate_ip_set(
+                config.get("url_preview_ip_range_whitelist", ()),
+                config_path=("url_preview_ip_range_whitelist",),
            )

            self.url_preview_url_blacklist = config.get("url_preview_url_blacklist", ())