Add check for empty address
Adds a check for an empty source address. This should in principle never happen, but this additional check will ensure, that in such cases we dont' allow something that should be blocked.
This commit is contained in:
parent
bb075137cb
commit
213135f6d7
|
@ -130,6 +130,16 @@ func cidr(addr string) string {
|
|||
|
||||
// IsAddressAllowed checks if the hook allows the given address. An address is allowed, if it is present in the AllowAddresses list (if non-empty) and if it is not present in the BlockedAddresses list (if non-empty)
|
||||
func (hook *Hook) IsAddressAllowed(addr string) (bool, error) {
|
||||
if addr == "" {
|
||||
// If we cannot determine the source address, but there are element in either the Allow or the Block list, the only safe thing we can do is to reject
|
||||
if hook.AllowAddresses != nil && len(hook.AllowAddresses) > 0 {
|
||||
return false, fmt.Errorf("no source address")
|
||||
}
|
||||
if hook.BlockedAddresses != nil && len(hook.BlockedAddresses) > 0 {
|
||||
return false, fmt.Errorf("no source address")
|
||||
}
|
||||
}
|
||||
|
||||
addr = cidr(addr)
|
||||
if hook.AllowAddresses != nil && len(hook.AllowAddresses) > 0 {
|
||||
// If AllowAddresses is defined and not empty, the given addr must be in the AllowAddresses list
|
||||
|
|
Loading…
Reference in a new issue