(tomcat) branch 10.1.x updated: Refactor RemoteCIDRFilter to use NetMaskSet

Fri, 19 Sep 2025 08:58:13 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new 763fcd16b1 Refactor RemoteCIDRFilter to use NetMaskSet
763fcd16b1 is described below

commit 763fcd16b1d43d7a7abe30e701c0461505ced374
Author: Mark Thomas <[email protected]>
AuthorDate: Fri Sep 19 16:02:12 2025 +0100

    Refactor RemoteCIDRFilter to use NetMaskSet
---
 .../apache/catalina/filters/RemoteCIDRFilter.java  | 60 ++++------------------
 1 file changed, 11 insertions(+), 49 deletions(-)

diff --git a/java/org/apache/catalina/filters/RemoteCIDRFilter.java 
b/java/org/apache/catalina/filters/RemoteCIDRFilter.java
index dbcdf9ba44..7748927119 100644
--- a/java/org/apache/catalina/filters/RemoteCIDRFilter.java
+++ b/java/org/apache/catalina/filters/RemoteCIDRFilter.java
@@ -20,8 +20,6 @@ import java.io.IOException;
 import java.io.PrintWriter;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
-import java.util.ArrayList;
-import java.util.Collections;
 import java.util.List;
 
 import jakarta.servlet.FilterChain;
@@ -31,9 +29,9 @@ import jakarta.servlet.ServletResponse;
 import jakarta.servlet.http.HttpServletResponse;
 
 import org.apache.catalina.util.NetMask;
+import org.apache.catalina.util.NetMaskSet;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
-import org.apache.tomcat.util.buf.StringUtils;
 
 public final class RemoteCIDRFilter extends FilterBase {
 
@@ -49,14 +47,14 @@ public final class RemoteCIDRFilter extends FilterBase {
     private final Log log = LogFactory.getLog(RemoteCIDRFilter.class); // must 
not be static
 
     /**
-     * The list of allowed {@link NetMask}s
+     * The allowed {@link NetMask}s.
      */
-    private final List<NetMask> allow = new ArrayList<>();
+    private final NetMaskSet allow = new NetMaskSet();
 
     /**
-     * The list of denied {@link NetMask}s
+     * The denied {@link NetMask}s.
      */
-    private final List<NetMask> deny = new ArrayList<>();
+    private final NetMaskSet deny = new NetMaskSet();
 
 
     /**
@@ -77,7 +75,7 @@ public final class RemoteCIDRFilter extends FilterBase {
      * @throws IllegalArgumentException One or more netmasks are invalid
      */
     public void setAllow(final String input) {
-        final List<String> messages = fillFromInput(input, allow);
+        final List<String> messages = allow.addAll(input);
 
         if (messages.isEmpty()) {
             return;
@@ -109,7 +107,7 @@ public final class RemoteCIDRFilter extends FilterBase {
      * @throws IllegalArgumentException One or more netmasks are invalid
      */
     public void setDeny(final String input) {
-        final List<String> messages = fillFromInput(input, deny);
+        final List<String> messages = deny.addAll(input);
 
         if (messages.isEmpty()) {
             return;
@@ -174,22 +172,17 @@ public final class RemoteCIDRFilter extends FilterBase {
             return false;
         }
 
-        for (final NetMask nm : deny) {
-            if (nm.matches(addr)) {
-                return false;
-            }
+        if (deny.contains(addr)) {
+            return false;
         }
 
-        for (final NetMask nm : allow) {
-            if (nm.matches(addr)) {
-                return true;
-            }
+        if (allow.contains(addr)) {
+            return true;
         }
 
         // Allow if deny is specified but allow isn't
         // Deny this request otherwise
         return !deny.isEmpty() && allow.isEmpty();
-
     }
 
 
@@ -199,35 +192,4 @@ public final class RemoteCIDRFilter extends FilterBase {
         writer.write(sm.getString("http.403"));
         writer.flush();
     }
-
-
-    /**
-     * Fill a {@link NetMask} list from a string input containing a 
comma-separated list of (hopefully valid)
-     * {@link NetMask}s.
-     *
-     * @param input  The input string
-     * @param target The list to fill
-     *
-     * @return a string list of processing errors (empty when no errors)
-     */
-    private List<String> fillFromInput(final String input, final List<NetMask> 
target) {
-        target.clear();
-        if (input == null || input.isEmpty()) {
-            return Collections.emptyList();
-        }
-
-        final List<String> messages = new ArrayList<>();
-        NetMask nm;
-
-        for (final String s : StringUtils.splitCommaSeparated(input)) {
-            try {
-                nm = new NetMask(s);
-                target.add(nm);
-            } catch (IllegalArgumentException e) {
-                messages.add(s + ": " + e.getMessage());
-            }
-        }
-
-        return Collections.unmodifiableList(messages);
-    }
 }


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to